ElfFileSRtD|ElfChnkx *jMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **O ]Ɋ& '!XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ?!XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& ;!XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**O ]Ɋ& 3!XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O ]Ɋ& 3!XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**O ]Ɋ& 5!XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0O ]Ɋ& !O F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=698e27fe-d461-4829-a016-b88e02638793 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=564335c5-3dde-43f5-99bb-c4c8c77cb342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**&d3 ]Ɋ& )!X&d3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**&d3 ]Ɋ& A!X&d3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**&d3 ]Ɋ& =!X&d3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**&d3 ]Ɋ& 5!X&d3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **&d3 ]Ɋ& 5!X&d3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4**&d3 ]Ɋ& 7!X&d3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0&d3 ]Ɋ& !&d3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@od3 ]Ɋ& !od3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c89d2e-6f55-4d33-ae42-dc5456f5087e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93409a62-bc84-4f69-8710-c310239e928c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xod3 ]Ɋ& !Xod3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pod3 ]Ɋ& !Xod3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hod3 ]Ɋ& !Xod3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`od3 ]Ɋ& !Xod3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`od3 ]Ɋ& !Xod3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hod3 ]Ɋ& !Xod3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**od3 ]Ɋ&  !od3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **od3 ]Ɋ& !od3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0f8732-a14c-4b20-9e48-296760e187c3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e90afcf-8374-4768-a0cc-a258ee80c474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8Xe3 ]Ɋ& !XXe3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**PXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**PXe3 ]Ɋ& !XXe3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**HXe3 ]Ɋ& !XXe3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**HXe3 ]Ɋ& !XXe3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HXe3 ]Ɋ& !XXe3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7301aa40-629e-4519-aaee-9697da303d08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cad82fe5-7116-4fe7-bb0f-edd135c7ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XXe3 ]Ɋ& !XXe3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pXe3 ]Ɋ& !XXe3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hXe3 ]Ɋ& !XXe3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`Xe3 ]Ɋ& !XXe3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`Xe3 ]Ɋ& !XXe3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`Xe3 ]Ɋ& !XXe3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Xe3 ]Ɋ& !Xe3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xe3 ]Ɋ& !Xe3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e0825f9-c69e-41b0-8be6-573727a88175 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92544816-a505-4907-b058-ec6d301ceb82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **(e3 ]Ɋ& !Xe3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@e3 ]Ɋ& !Xe3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@e3 ]Ɋ& !Xe3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8e3 ]Ɋ& !Xe3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8e3 ]Ɋ& !Xe3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^8**8e3 ]Ɋ& !Xe3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**e3 ]Ɋ& !e3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**2f3 ]Ɋ& !2f3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e86ba2e-2b39-4f3f-82c4-11b1d8e6d803 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62869331-8bb0-46ac-884f-95578bacd71e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X_g3 ]Ɋ& !X_g3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_g3 ]Ɋ& !X_g3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk$]n .Mu=VysMc&&**p _g3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X_g3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h_g3 ]Ɋ& !X_g3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h_g3 ]Ɋ& !X_g3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**_g3 ]Ɋ&  !_g3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=02**Rh3 ]Ɋ& !Rh3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24758a25-6443-4107-9fc0-2ec08e11c566 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f93107e-1681-452d-bdb0-b55ac7052bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**h3 ]Ɋ& '!Xh3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**h3 ]Ɋ& ?!Xh3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**h3 ]Ɋ& ;!Xh3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**h3 ]Ɋ& 3!Xh3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h3 ]Ɋ& 3!Xh3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **h3 ]Ɋ& 5!Xh3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0h3 ]Ɋ& !h3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@#i3 ]Ɋ& !#i3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=661966bd-d49a-4558-ad43-cfff113c5eb5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7b9eb4c1-971e-414b-bd49-b53779e89653 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@***g ]Ɋ& )!X*g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***g ]Ɋ& A!X*g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ***g ]Ɋ& =!X*g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er***g ]Ɋ& 5!X*g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl***g ]Ɋ& 5!X*g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ***g ]Ɋ& 7!X*g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**0*g ]Ɋ& !*g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@.g ]Ɋ& !.g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1433f485-571e-49c5-9b84-cd3cc0a47d30 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03cd78fe-b37e-49b2-9acd-52cc70ad6640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**XWǫg ]Ɋ& !XWǫg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pWǫg ]Ɋ& !XWǫg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hWǫg ]Ɋ& !XWǫg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`Wǫg ]Ɋ& !XWǫg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`Wǫg ]Ɋ& !XWǫg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hWǫg ]Ɋ& !XWǫg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**Wǫg ]Ɋ&  !Wǫg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aa40**Wǫg ]Ɋ& !Wǫg F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84d4c409-4cf8-416e-b50b-29ca590caff5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f102de-9c6b-420e-a7c3-b3f7f118175f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae**8g ]Ɋ& !Xg F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pg ]Ɋ& !Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pg ]Ɋ& !Xg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hg ]Ɋ& !Xg F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hg ]Ɋ& !Xg F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hg ]Ɋ& !Xg F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**g ]Ɋ& !g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89e42b26-95f7-4455-b87d-3ffb51b0b28a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77ae2408-eac7-4459-bcc4-2e80019c8c8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XH®g ]Ɋ& !XH®g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pH®g ]Ɋ& !XH®g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH®g ]Ɋ& !XH®g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`H®g ]Ɋ& !XH®g F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`H®g ]Ɋ& !XH®g F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`H®g ]Ɋ& !XH®g F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**H®g ]Ɋ& !H®g F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**H®g ]Ɋ& !H®g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d71d86be-4432-4de3-8a76-786509a4515a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fabdd3f-d461-4e3b-8497-c00f021a1d06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(ug ]Ɋ& !Xug F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ug ]Ɋ& !Xug F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ug ]Ɋ& !Xug F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8ug ]Ɋ& !Xug F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXug F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX_g3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk"" A ߝMu=VysMc&&**8 ug ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xug F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8ug ]Ɋ& !Xug F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**ug ]Ɋ& !ug F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA** g ]Ɋ& ! g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c57c3b-d5a1-4976-8b3c-a728f0ad25f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=174d6b11-5f27-4a06-ad62-3ad1d932f26c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xdg ]Ɋ& !Xdg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pdg ]Ɋ& !Xdg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pdg ]Ɋ& !Xdg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hdg ]Ɋ& !Xdg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hdg ]Ɋ& !Xdg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hdg ]Ɋ& !Xdg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**dg ]Ɋ&  !dg F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**g ]Ɋ& !g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe09128b-5dda-404c-9a1f-953187184542 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a60a3642-4cd3-4365-93e2-414b292c94aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**Eg ]Ɋ& '!XEg F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**Eg ]Ɋ& ?!XEg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**Eg ]Ɋ& ;!XEg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 3!XEg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**Eg ]Ɋ& 3!XEg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Eg ]Ɋ& 5!XEg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0Eg ]Ɋ& !Eg F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@۞g ]Ɋ& !۞g F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bec0fabb-57ad-4aa5-99c7-448d9dd8c592 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8da1bc57-5561-4646-ae91-44962e19dd9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50b-**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ) ]Ɋ& 5!X)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wǫ** ) ]Ɋ& 7!X)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0 ) ]Ɋ& !)  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@ VΞ ]Ɋ& !VΞ  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c9e83e-013f-478f-b1f7-104b60ceec68 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a92b6dbf-6c10-4709-9ec1-c536e47c1872 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X \ ]Ɋ& !X\  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=11f79729-3396-4e1d-aedb-d5bb6667691f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af9536-fb30-4600-b20b-09ea08f255d3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8d ]Ɋ& !Xd F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**Pd ]Ɋ& !Xd F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**Hd ]Ɋ& !Xd F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**Hd ]Ɋ& !Xd F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**Hd ]Ɋ& !Xd F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**d ]Ɋ& !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dbf030da-4af6-405b-80e1-5b74f4ce205f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83210c2d-0ca1-492f-a8d1-55a4090c1ee0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk#S#S`h-IMu=VysMc&&**# ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !# F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e885d2b-9ab2-4444-ab46-681ea5fdfa9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5896de41-bd09-4f33-9b7b-3e596b44afb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(%& ]Ɋ& !X&% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@&& ]Ɋ& !X&& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'& ]Ɋ& !X&' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8(& ]Ɋ& !X&( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8)& ]Ɋ& !X&) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8*& ]Ɋ& !X&* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**+& ]Ɋ& !&+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**,( ]Ɋ& !(, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73244840-6fba-40ce-a320-7dc889bde8e3 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b41c17e-1c0f-40fa-a429-742b1f9141ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X-U ]Ɋ& !XU- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p.U ]Ɋ& !XU. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p/U ]Ɋ& !XU/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h0U ]Ɋ& !XU0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h1U ]Ɋ& !XU1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h2U ]Ɋ& !XU2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**3U ]Ɋ&  !U3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4눩 ]Ɋ& !눩4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d334bc4-7398-4f65-bb38-477fd9d023f9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48831af5-18eb-4b44-a548-f8c01d89dc23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**5 ]Ɋ& '!X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**6 ]Ɋ& ?!X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**7 ]Ɋ& ;!X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 ]Ɋ& 3!X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**: ]Ɋ& 5!X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0; ]Ɋ& !; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@<E뫯 ]Ɋ& !E뫯< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b88368de-cf0e-4886-a8b1-c8a7bd04748e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=36589753-edde-4390-a52a-b87cea45446a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**= ]Ɋ& )!X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-4e**? ]Ɋ& =!X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**A ]Ɋ& 5!XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**B ]Ɋ& 7!XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C ]Ɋ& !C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@D# ]Ɋ& !#D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=451d7b6d-7987-45b6-9319-fd8828ffaa2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f94df0e-549f-4960-99c9-c06ff53c5b60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XE# ]Ɋ& !X#E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pF# ]Ɋ& !X#F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hG# ]Ɋ& !X#G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`H# ]Ɋ& !X#H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`I# ]Ɋ& !X#I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hJ# ]Ɋ& !X#J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**K ]Ɋ&  !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7514f9c-b87b-4993-81ae-12f72656617c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1489396d-e1ef-4598-8aee-305b3f9f42dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HP ]Ɋ& !XP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**HQ ]Ɋ& !XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommElfChnkTTHMu=VysMc&&**T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9bdcad3-6d90-48d4-af47-610adabaf472 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27fa4741-3dcc-488e-8358-f29ae945b7e6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`X ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`Y ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Z ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[ ]Ɋ& ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\PK ]Ɋ& !PK\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3accc9b9-8ac3-4b4d-a84d-5410bfb2c27a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1056b3e4-5f47-463a-b2e4-40ab8842b27f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(]PK ]Ɋ& !XPK] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@^PK ]Ɋ& !XPK^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@_PK ]Ɋ& !XPK_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8`PK ]Ɋ& !XPK` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8aPK ]Ɋ& !XPKa F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8bPK ]Ɋ& !XPKb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**cPK ]Ɋ& !PKc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a14c7be-7a58-463b-b54d-990eca9b32e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c4dd8186-43ca-4d03-a5c0-62555ea1522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xe ]Ɋ& !Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pg ]Ɋ& !Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hh ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hi ]Ɋ& !Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hj ]Ɋ& !Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**k ]Ɋ&  !k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l ]Ɋ& !l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb3c4559-5913-4d72-a1df-0e02510eeaa8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de30b605-a7c2-4d46-a9ec-4fd60ac56bee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**m ]Ɋ& '!Xm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **n ]Ɋ& ?!Xn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**p ]Ɋ& 3!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **q ]Ɋ& 3!Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**r ]Ɋ& 5!Xr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0s ]Ɋ& !s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@t ]Ɋ& !t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c7b6744-6cf5-4a2a-a887-f7e86cf8d9d9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0c4964a-5369-4687-85e0-ded5a7d1bb55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c06@**uI}\ ]Ɋ& )!XI}\u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**vI}\ ]Ɋ& A!XI}\v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**wI}\ ]Ɋ& =!XI}\w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=12**xI}\ ]Ɋ& 5!XI}\x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**yI}\ ]Ɋ& 5!XI}\y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**zI}\ ]Ɋ& 7!XI}\z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**0{\ ]Ɋ& !\{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|v\ ]Ɋ& !v\| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca1612bc-f819-4eb2-8277-8ea927b9a47f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=769b8d65-c160-45d1-8623-f4e0eef3314c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X} G\ ]Ɋ& !X G\} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p~ G\ ]Ɋ& !X G\~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h G\ ]Ɋ& !X G\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` G\ ]Ɋ& !X G\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` G\ ]Ɋ& !X G\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h G\ ]Ɋ& !X G\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh** G\ ]Ɋ&  ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=! ]Ɋ& at G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@[!ݯTL7Mu=VysMc&&** G\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! G\ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6d10ba-a67d-45ee-ad94-554d49859fe2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53162ed1-a291-4ffb-90f0-10d0630b9031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 G\ ]Ɋ& !X G\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P G\ ]Ɋ& !X G\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P G\ ]Ɋ& !X G\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H G\ ]Ɋ& !X G\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H G\ ]Ɋ& !X G\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H G\ ]Ɋ& !X G\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H** G\ ]Ɋ& ! G\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** G\ ]Ɋ& ! G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a65ad20b-83d9-4a42-9080-e5473c15a743 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c059641-dc8c-4487-b246-046e458f19fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54h**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b50be6f2-5438-4df9-b2b2-a157cb62e5b3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cf37dc5-e8de-4e15-aedc-b45d920cbca4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(\ ]Ɋ& !X\ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@\ ]Ɋ& !X\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@\ ]Ɋ& !X\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8\ ]Ɋ& !X\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8\ ]Ɋ& !X\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8\ ]Ɋ& !X\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**\ ]Ɋ& !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c89f7f-128f-455d-8c77-4b355701f675 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cdf7c4c0-3bb1-4039-9c43-2018a87f1826 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**G\ ]Ɋ& !G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33539ce8-4f3d-4a89-803e-6a42d0816db4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5404a976-949d-4090-8f6b-5f01c67a866a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**t\ ]Ɋ& '!Xt\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**t\ ]Ɋ& ?!Xt\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**t\ ]Ɋ& ;!Xt\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **t\ ]Ɋ& 3!Xt\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**t\ ]Ɋ& 3!Xt\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**t\ ]Ɋ& 5!Xt\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0t\ ]Ɋ& !t\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ i\ ]Ɋ& ! i\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=145e9a22-9d51-4a6a-9cb2-e4aae87aa8ee HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b7481d81-d9fd-485c-b5ea-584ed602e5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e® ]Ɋ& )!Xe® F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**e® ]Ɋ& A!Xe® F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**e® ]Ɋ& =!Xe® F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**e® ]Ɋ& 5!Xe® F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**e® ]Ɋ& 5!Xe® F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**e® ]Ɋ& 7!Xe® F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0e® ]Ɋ& !e® F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Z ]Ɋ& !Z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee170623-c6a4-4995-8d37-d684bc13b377 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b9b72e-841e-4119-938a-e23c727aea7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=063@9031 Pipel ]Ɋ& meX F&e=ElfChnkH975޼qMu=VysMc&&**X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9f429fde-a1ea-48ac-8776-99c398a6f8be HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7b05d6-ee84-4562-9c95-e85f5e989797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U ]Ɋ& !XU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PU ]Ɋ& !XU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HU ]Ɋ& !XU F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HU ]Ɋ& !XU F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HU ]Ɋ& !XU F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=֘**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99e79b64-356c-426f-be84-2b0d16e7c30c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=024debce-6c3f-4698-b753-368410998e7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=085619cc-4246-4ec5-9aae-f782361cd1ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=29708286-efe9-42ab-b78c-f37b65b7f814 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==338**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71b5208a-ded2-47ab-a6a9-b42a05809d0b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6d94b3e3-f088-44fc-b3b2-000369e247a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0ab547d-f096-45cc-bb7f-bf96c29618ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2caba181-dcbd-438a-adb7-620e7bf0e789 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **T߻ ]Ɋ& '!XT߻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**T߻ ]Ɋ& ?!XT߻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**T߻ ]Ɋ& ;!XT߻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**T߻ ]Ɋ& 3!XT߻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**T߻ ]Ɋ& 3!XT߻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**T߻ ]Ɋ& 5!XT߻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0T߻ ]Ɋ& !T߻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cbe171d2-b0df-4e4f-b672-aa7d7a3f8790 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkhPz LMu=VysMc&&**g ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xg F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**g ]Ɋ& A!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**g ]Ɋ& 5!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **g ]Ɋ& 5!Xg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9f**g ]Ɋ& 7!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0g ]Ɋ& !g F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=308ae21f-c316-4b1b-b0ca-c499a5479ca7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b2c0f8c-0d1d-4ae8-a41d-69b81bb60db8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X$ ]Ɋ& !X$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p$ ]Ɋ& !X$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h$ ]Ɋ& !X$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`$ ]Ɋ& !X$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`$ ]Ɋ& !X$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h$ ]Ɋ& !X$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**$ ]Ɋ&  !$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31804443-fb97-4d20-a47a-87ef484b925f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d877d6f-4179-441d-bf01-29d2f5a9e75a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8* ]Ɋ& !X* F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P* ]Ɋ& !X* F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H* ]Ɋ& !X* F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H* ]Ɋ& !X* F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H* ]Ɋ& !X* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07bdd398-09ac-497f-bbf4-8de1909c3850 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4b3b987-9f8f-444d-b2b4-7bce4721ffd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a926af8-5ab6-41f1-83c6-d83634f23786 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b271e746-acd5-4410-adf3-92da97826a5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** P ]Ɋ& !P  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fe68403-0d64-4159-a2a7-abb0ccda70a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0810aa8a-60aa-4462-845d-85a8c71bea56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X 8 ]Ɋ& !X8  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p8 ]Ɋ& !X8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p8 ]Ɋ& !X8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=181p**h8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h8 ]Ɋ& !X8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h8 ]Ɋ& !X8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**8 ]Ɋ&  !8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8aea31d6-4651-4a5a-a34e-93461e89ab1d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17f292e4-1b54-4929-b772-473b2e50f41a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4f-b672-aa7d ]Ɋ& reX F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=386a810d-48b6-4e70-a34b-57107e1fd236 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @pelineId=  ]Ɋ& maXg F&9031 Pipel ]Ɋ& meX F&e=ElfChnkII@2kTMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9a5** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@)ߚ ]Ɋ& !)ߚ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4824df11-17b0-458b-92db-6cbc744cea46 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b09e6bef-fbc2-4939-9694-e685cb40451e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**! ]Ɋ& 5!X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0# ]Ɋ& !# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$+N ]Ɋ& !+N$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f2b1f43-4ecb-428a-86d5-931c065f3176 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7f77ce6-4955-42b5-b616-6a1586a092d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`) ]Ɋ& !X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=99989c33-ab76-469b-a85b-16f4c6aa7558 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=411149a8-738b-4717-9182-943c57658161 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8-X ]Ɋ& !XX- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P.X ]Ɋ& !XX. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P/X ]Ɋ& !XX/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H0X ]Ɋ& !XX0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H1X ]Ɋ& !XX1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H2X ]Ɋ& !XX2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**3X ]Ɋ& !X3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4X ]Ɋ& !X4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52bf1991-7dcb-4039-8f00-9774386c0fa2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3b4d8889-38a9-4c85-9a91-35bafaeac1c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5 ]Ɋ& !X5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`8 ]Ɋ& !X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`: ]Ɋ& !X: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0926cf8-981c-4f28-a5bb-2e33088979e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334248d9-f373-4238-82ac-0692d6039f6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=462**(=I ]Ɋ& !XI= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@>I ]Ɋ& !XI> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@?I ]Ɋ& !XI? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8@I ]Ɋ& !XI@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8AI ]Ɋ& !XIA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8BI ]Ɋ& !XIB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**CI ]Ɋ& !IC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**DHz ]Ɋ& !HzD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac94c9ca-4da8-4087-bf8c-333fe1d268f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=77ec893e-062c-4d53-aa9d-8a0d7b2d2daf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XEu ]Ɋ& !XuE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFu ]Ɋ& !XuF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pGu ]Ɋ& !XuG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hHu ]Ɋ& !XuH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hIu ]Ɋ& !XuI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XuJ F&]Ɋ& meX F&e=ElfChnkJ|J|H6BMu=VysMc&&**p Ju ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XuJ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **Ku ]Ɋ&  !uK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**L D ]Ɋ& ! DL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9ca92f9-428d-4b3b-94df-71d9bc445107 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e194fdee-2a1f-4a1e-9a87-587909a5860e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**Mܕ ]Ɋ& '!XܕM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**Nܕ ]Ɋ& ?!XܕN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Oܕ ]Ɋ& ;!XܕO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**Pܕ ]Ɋ& 3!XܕP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Qܕ ]Ɋ& 3!XܕQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **Rܕ ]Ɋ& 5!XܕR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0Sܕ ]Ɋ& !ܕS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1c0**@T9u ]Ɋ& !9uT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83e68eb6-2fcc-4bdd-b869-ba7968e51dd5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5646fe52-e89d-4a05-a9b7-ec1e26992634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**U ]Ɋ& )!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**V ]Ɋ& A!XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**W ]Ɋ& =!XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**X ]Ɋ& 5!XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**Y ]Ɋ& 5!XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**Z ]Ɋ& 7!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0[ ]Ɋ& ![ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@\ ]Ɋ& !\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f52bb7-d9dd-4ace-9e7a-ff30b273380e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca6588cc-1fb8-4998-b707-c3b3aad2f4a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X]r~ ]Ɋ& !Xr~] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^r~ ]Ɋ& !Xr~^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h_r~ ]Ɋ& !Xr~_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**``r~ ]Ɋ& !Xr~` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X`**`ar~ ]Ɋ& !Xr~a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hbr~ ]Ɋ& !Xr~b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**cr~ ]Ɋ&  !r~c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**dr~ ]Ɋ& !r~d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a43063d9-c4c3-4b02-9edd-0aa28062acfb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99324e1d-61a7-4e48-989f-ef9fd25c3648 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8er~ ]Ɋ& !Xr~e F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pfr~ ]Ɋ& !Xr~f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Pgr~ ]Ɋ& !Xr~g F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hhr~ ]Ɋ& !Xr~h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hir~ ]Ɋ& !Xr~i F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hjr~ ]Ɋ& !Xr~j F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**kr~ ]Ɋ& !r~k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lr~ ]Ɋ& !r~l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a490c5ac-6ec3-4b77-9b72-e7d4fc471a97 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea89f2b0-a0da-4f42-8297-44996b9fb4a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm  ]Ɋ& !X m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pn  ]Ɋ& !X n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**ho  ]Ɋ& !X o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`p  ]Ɋ& !X p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`q  ]Ɋ& !X q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`r  ]Ɋ& !X r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**s  ]Ɋ& ! s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**t  ]Ɋ& ! t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c062a3e-3778-47c4-9788-bd66d9de7b64 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f14474b-9f30-45d1-bb16-03d3687eac79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(u  ]Ɋ& !X u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v  ]Ɋ& !X v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@w  ]Ɋ& !X w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8x  ]Ɋ& !X x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8y  ]Ɋ& !X y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8z  ]Ɋ& !X z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**{  ]Ɋ& ! { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aec628c6-97a3-4c6f-8ccb-527f7683ef0a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=889733ff-a871-4f9b-afa6-e6cd2ce9c4e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X} F&XuJ F&]Ɋ& meX F&e=ElfChnk}}H"/eR Mu=VysMc&&**` } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X} F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**cy ]Ɋ& !cy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ab17989-04b0-41ab-8e73-3d25e9cfa03d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54ce028c-df5c-427f-bb75-561001ca0c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**cy ]Ɋ& '!Xcy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**cy ]Ɋ& ?!Xcy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**cy ]Ɋ& ;!Xcy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-9**cy ]Ɋ& 3!Xcy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=W**cy ]Ɋ& 3!Xcy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9e7**cy ]Ɋ& 5!Xcy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0cy ]Ɋ& !cy F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40084712-4d1a-468b-9800-ecab2b7caf2a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10cae6a5-f4b1-4ba8-8172-bd2ac6ba0402 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**dJp ]Ɋ& )!XdJp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**dJp ]Ɋ& A!XdJp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **dJp ]Ɋ& =!XdJp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**dJp ]Ɋ& 5!XdJp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**dJp ]Ɋ& 5!XdJp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **dJp ]Ɋ& 7!XdJp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0dJp ]Ɋ& !dJp F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@p ]Ɋ& !p F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42202c13-c31a-495a-a39f-9077b0774a33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8285cb4-75e9-407e-84ec-4e0c36f25b12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X{p ]Ɋ& !X{p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h{p ]Ɋ& !X{p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`{p ]Ɋ& !X{p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`{p ]Ɋ& !X{p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h{p ]Ɋ& !X{p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**{p ]Ɋ&  !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0608823b-f825-4aba-a313-ef22e60d9031 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bad0d3fd-9c50-4deb-b220-391cfb149393 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8{p ]Ɋ& !X{p F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P{p ]Ɋ& !X{p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P{p ]Ɋ& !X{p F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H{p ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H{p ]Ɋ& !X{p F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H{p ]Ɋ& !X{p F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**{p ]Ɋ& !{p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{p ]Ɋ& !{p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bb7de72b-bd69-484a-bd31-5de3fd907084 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee8d13e4-ebfa-407b-9ab9-17a5795fe794 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X'p ]Ɋ& !X'p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p'p ]Ɋ& !X'p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h'p ]Ɋ& !X'p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`'p ]Ɋ& !X'p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`'p ]Ɋ& !X'p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`'p ]Ɋ& !X'p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**'p ]Ɋ& !'p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac117cdd-b60a-489a-9d95-1b9d4359be9c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8503931d-8d54-4e1c-9375-61da1f0a658f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**('p ]Ɋ& !X'p F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@'p ]Ɋ& !X'p F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkPp6PMu=VysMc&&**@ 'p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X'p F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8'p ]Ɋ& !X'p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8'p ]Ɋ& !X'p F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8'p ]Ɋ& !X'p F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**'p ]Ɋ& !'p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfd4efd1-efea-49bb-9775-25bc454cb7e2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52e20cf1-a387-48d1-bb8c-b7b11293c0f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xp ]Ɋ& !Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pp ]Ɋ& !Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hp ]Ɋ& !Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hp ]Ɋ& !Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hp ]Ɋ& !Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**p ]Ɋ&  !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**vp ]Ɋ& !vp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44fae3e1-2c56-490e-8e6d-624e0ab5eb37 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91004998-56ea-4631-b566-ed72d25f61a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**vp ]Ɋ& '!Xvp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**vp ]Ɋ& ?!Xvp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**vp ]Ɋ& ;!Xvp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-49**vp ]Ɋ& 3!Xvp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****vp ]Ɋ& 3!Xvp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=95a**vp ]Ɋ& 5!Xvp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0vp ]Ɋ& !vp F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@p ]Ɋ& !p F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21e88f3d-8c3a-489e-b028-89c489230bb4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c319b108-ae23-4094-ba83-da3aae42b2cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-  ]Ɋ& )!X-  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**-  ]Ɋ& A!X-  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**-  ]Ɋ& =!X-  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**-  ]Ɋ& 5!X-  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**-  ]Ɋ& 5!X-  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**-  ]Ɋ& 7!X-  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0E  ]Ɋ& !E  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@^  ]Ɋ& !^  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9bf5fd3-64c8-44a1-b34a-f1899c659690 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=791730d1-5365-41da-bf3e-2b41bc449b97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hc ]Ɋ& !Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**hc ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9523bd3b-5fc5-43fc-887e-15c9bdf47164 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6c8154-5513-4238-9f0a-499e8ba682c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8# ]Ɋ& !X# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P# ]Ɋ& !X# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P# ]Ɋ& !X# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H# ]Ɋ& !X# F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H# ]Ɋ& !X# F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H# ]Ɋ& !X# F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**# ]Ɋ& !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**# ]Ɋ& !# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10f1f009-00f2-4b0a-9a2c-e43088a95cdd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37f0c842-c9de-4abb-a77b-f8a7b4259407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X& ]Ɋ& !X& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h& ]Ɋ& !X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X& F&CommandPath= CommandLine= @riptName=  ]Ɋ& X'p F&XuJ F&]Ɋ& meX F&e=ElfChnkXVSX>`Mu=VysMc&&**h& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X& F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`& ]Ɋ& !X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`& ]Ɋ& !X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f597c41-deb2-4798-a690-cb3d2536a908 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03e3caab-8c37-4ab6-9ed0-0bb351b62f87 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(& ]Ɋ& !X& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@& ]Ɋ& !X& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@& ]Ɋ& !X& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8& ]Ɋ& !X& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8& ]Ɋ& !X& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8& ]Ɋ& !X& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**& ]Ɋ& !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aa41260a-debe-4041-885a-35d9ba43b31f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dba2fcc-28fc-4320-a0fa-5de467c9df63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X4 ]Ɋ& !X4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p4 ]Ɋ& !X4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p4 ]Ɋ& !X4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h4 ]Ɋ& !X4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h4 ]Ɋ& !X4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h4 ]Ɋ& !X4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=21h**4 ]Ɋ&  !4 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **{ ]Ɋ& !{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=86a052cf-e973-4d71-99cf-4505c16d5137 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0dadecd-d3e4-44d2-b3e2-83603abf8232 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**a ]Ɋ& '!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**a ]Ɋ& ?!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**a ]Ɋ& ;!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**a ]Ɋ& 3!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**a ]Ɋ& 3!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**a ]Ɋ& 5!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0a ]Ɋ& !a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=490**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8d62312-ba98-4f39-a621-a3555cfef3af HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ebcb4ec8-fd67-4e9e-9b26-812373728599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**Ct ]Ɋ& )!XCt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& A!XCt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ct ]Ɋ& =!XCt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ct ]Ɋ& 5!XCt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**Ct ]Ɋ& 5!XCt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**Ct ]Ɋ& 7!XCt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0Ct ]Ɋ& !Ct F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58786149-08a6-41e5-8426-7a3e8e3195c6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8eabc712-ea77-4bc0-9de2-ca89535886ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==95@**Xtu ]Ɋ& !Xtu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**htu ]Ɋ& !Xtu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`tu ]Ɋ& !Xtu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**` tu ]Ɋ& !Xtu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h tu ]Ɋ& !Xtu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8a95h** tu ]Ɋ&  !tu  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |** tu ]Ɋ& !tu  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b934392-b948-40f8-8293-da5366974162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa27412a-4ed7-4c38-a73b-7aa92bfee29b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8 tu ]Ɋ& !Xtu  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Ptu ]Ɋ& !Xtu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Ptu ]Ɋ& !Xtu F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=36a9P**Htu ]Ɋ& !Xtu F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& Xtu ElfChnkAAHӢ'r5Mu=VysMc&&**Htu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xtu F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Htu ]Ɋ& !Xtu F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**tu ]Ɋ& !tu F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6953d46b-1082-4465-bb10-9aca610ebc93 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6bb7d284-76bd-4671-9240-8228f933c006 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XD v ]Ɋ& !XD v F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pD v ]Ɋ& !XD v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hD v ]Ɋ& !XD v F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`D v ]Ɋ& !XD v F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`D v ]Ɋ& !XD v F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`D v ]Ɋ& !XD v F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**D v ]Ɋ& !D v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D v ]Ɋ& !D v F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e601370d-5995-40c8-9335-51aba4cbbf3b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad25ad6e-df03-4fc9-893b-e893dadf4698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(D v ]Ɋ& !XD v F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@D v ]Ɋ& !XD v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@D v ]Ɋ& !XD v F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 D v ]Ɋ& !XD v  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8!D v ]Ɋ& !XD v! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8"D v ]Ɋ& !XD v" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**#D v ]Ɋ& !D v# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$q>w ]Ɋ& !q>w$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72a87a4-7bc3-43aa-ae94-49ec72e208a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=190561bd-dca9-4140-b9ba-3f8244774f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X%w ]Ɋ& !Xw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p&w ]Ɋ& !Xw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p'w ]Ɋ& !Xw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h(w ]Ɋ& !Xw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h)w ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h*w ]Ɋ& !Xw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+w ]Ɋ&  !w+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,5y ]Ɋ& !5y, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=903b77c2-9931-49bf-8ce9-40d68422c2a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb9851df-1214-4a0b-a086-22516ffb2f79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**-5y ]Ɋ& '!X5y- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.5y ]Ɋ& ?!X5y. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**/5y ]Ɋ& ;!X5y/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**05y ]Ɋ& 3!X5y0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **15y ]Ɋ& 3!X5y1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**25y ]Ɋ& 5!X5y2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**035y ]Ɋ& !5y3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4ˠy ]Ɋ& !ˠy4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7eae9ad-cbd8-46c6-983f-a7518bd08f8a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59f3c3ef-c46e-47a0-b310-218290b33bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-ca8@**5I ]Ɋ& )!XI5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**6I ]Ɋ& A!XI6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**7I ]Ɋ& =!XI7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=da**8I ]Ɋ& 5!XI8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**9I ]Ɋ& 5!XI9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:I ]Ɋ& 7!XI: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;I ]Ɋ& !I; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<v1 ]Ɋ& !v1< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5501ab1-7ba7-4900-843a-28440ed82f33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a4db62f-c2f6-42cc-9743-8b588b084b6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=v1 ]Ɋ& !Xv1= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>v1 ]Ɋ& !Xv1> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?v1 ]Ɋ& !Xv1? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@v1 ]Ɋ& !Xv1@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Av1 ]Ɋ& !Xv1A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xv1B F& ElfChnkBrBr)[9Mu=VysMc&&**hBv1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xv1B F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Cv1 ]Ɋ&  !v1C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D  ]Ɋ& ! D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929ed7c5-0443-4b6c-bd53-3de8bbc9de7c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11eb5e04-d5b3-427f-90dc-28d8f9bf81f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8E  ]Ɋ& !X E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PF  ]Ɋ& !X F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PG  ]Ɋ& !X G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HH  ]Ɋ& !X H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HI  ]Ɋ& !X I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HJ  ]Ɋ& !X J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**K  ]Ɋ& ! K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L  ]Ɋ& ! L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6e8724d-de60-43d0-8d7f-2a789239b3da HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b4be6dc-a9fa-43b0-a10a-ba7dd13c966e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XM  ]Ɋ& !X M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pN  ]Ɋ& !X N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hO  ]Ɋ& !X O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`P  ]Ɋ& !X P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`Q  ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`R  ]Ɋ& !X R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S  ]Ɋ& ! S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tb ]Ɋ& !bT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7800a71-de10-4103-a07b-378b3ffd59d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9748c259-489b-4b29-a788-8d402dcace79 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(Ub ]Ɋ& !XbU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@Vb ]Ɋ& !XbV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@Wb ]Ɋ& !XbW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8Xb ]Ɋ& !XbX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8Yb ]Ɋ& !XbY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8Zb ]Ɋ& !XbZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[b ]Ɋ& !b[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**\: ]Ɋ& !:\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae77ba2c-2d04-495d-a105-327cf674dbcc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebc98f99-b7b0-4bcd-a377-f3d3e2618cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X]g, ]Ɋ& !Xg,] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p^g, ]Ɋ& !Xg,^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_g, ]Ɋ& !Xg,_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h`g, ]Ɋ& !Xg,` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hag, ]Ɋ& !Xg,a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hbg, ]Ɋ& !Xg,b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**cg, ]Ɋ&  !g,c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22c3ebb8-6e4a-47df-aebb-35f9514b716f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70502d55-5636-4b18-a9b6-629fde6c1e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**f ]Ɋ& ?!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**h ]Ɋ& 3!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **i ]Ɋ& 3!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**j ]Ɋ& 5!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0k ]Ɋ& !k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@l* ]Ɋ& !*l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f83c1aee-4737-4d4d-8452-35788fe3584b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fa8168d-6674-48dd-b8b0-639d252f933a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84b6@**m.VW ]Ɋ& )!X.VWm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**n.VW ]Ɋ& A!X.VWn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**o.VW ]Ɋ& =!X.VWo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**p.VW ]Ɋ& 5!X.VWp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**q.VW ]Ɋ& 5!X.VWq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkssAºrMu=VysMc&&**8sW ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Ws F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@t[W ]Ɋ& ![Wt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63a7b921-8e69-4e8e-85b7-4ddf233dc6b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**Xu[W ]Ɋ& !X[Wu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pv[W ]Ɋ& !X[Wv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hw[W ]Ɋ& !X[Ww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`x[W ]Ɋ& !X[Wx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`y[W ]Ɋ& !X[Wy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hz[W ]Ɋ& !X[Wz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**{[W ]Ɋ&  ![W{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**|W ]Ɋ& !W| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f97a576-bdd5-45fb-a154-9d0c25e555e5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5f17f238-d78e-45b6-a0e8-9d91b27f7de2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8}W ]Ɋ& !XW} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P~W ]Ɋ& !XW~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**PW ]Ɋ& !XW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**HW ]Ɋ& !XW F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HW ]Ɋ& !XW F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HW ]Ɋ& !XW F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e151631-150a-47d6-a5e4-3a95afa8ff27 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f24271db-de07-4fff-a5d1-51e11d7bcf20 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XW ]Ɋ& !XW F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==974X**pW ]Ɋ& !XW F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`W ]Ɋ& !XW F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`W ]Ɋ& !XW F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`W ]Ɋ& !XW F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6536562-8efc-4042-89e0-3cae6ef301a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be5a9760-5309-4ce9-ae0c-308b3a5b1d00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(W ]Ɋ& !XW F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@W ]Ɋ& !XW F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@W ]Ɋ& !XW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8W ]Ɋ& !XW F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8W ]Ɋ& !XW F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**QX ]Ɋ& !QX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54c1a380-f927-412b-9444-7d55a48a45f8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cc20cf5d-58da-407e-9dce-f3a32c90f469 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XX ]Ɋ& !XX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pX ]Ɋ& !XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pX ]Ɋ& !XX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hX ]Ɋ& !XX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hX ]Ɋ& !XX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**X ]Ɋ&  !X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& !yX F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1b979e7-eb18-4618-b07d-47a4d6d29133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4ed675d-8735-4d91-bb56-495874832ddf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**yX ]Ɋ& '!XyX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**yX ]Ɋ& ?!XyX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& ;!XyX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 3!XyX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**yX ]Ɋ& 3!XyX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**yX ]Ɋ& 5!XyX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35yX F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkH2СHMu=VysMc&&**8 yX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !yX F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a8 **@X ]Ɋ& !X F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d00c0d0-dfac-4d7c-81d7-a46a9c5092f5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cd89cad9-31de-4e4b-a018-d6e1b813cc91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**, ]Ɋ& )!X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**, ]Ɋ& A!X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **, ]Ɋ& =!X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **, ]Ɋ& 5!X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fb**, ]Ɋ& 5!X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**, ]Ɋ& 7!X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0, ]Ɋ& !, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@&^ ]Ɋ& !&^ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=404a2be1-61c6-4400-b234-51582c62945e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a577c1c0-e846-4484-a6eb-5687cfb5fcf0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**X&^ ]Ɋ& !X&^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~X**p&^ ]Ɋ& !X&^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h&^ ]Ɋ& !X&^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`&^ ]Ɋ& !X&^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`&^ ]Ɋ& !X&^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h&^ ]Ɋ& !X&^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wh**&^ ]Ɋ&  !&^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b76ba07-91dd-45c7-886d-d8948a96b08a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46cb79aa-e288-4f62-8787-df4c2b61afba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c18211a8-50c8-4937-b72c-b55ac8ea825d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a3db7a4-0f7e-4d96-a173-8eb033f12ba7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66c34df8-38a0-4d36-a5ba-eb9a2e55f87c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adfd5897-edd9-4ca7-8707-d5d97561ee31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**' ]Ɋ& !' F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d20e9521-bc1d-4ffb-8a80-2f34bb0ccd8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dad9e88f-ebc0-4375-984b-df275e52371b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XY ]Ɋ& !XY F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pY ]Ɋ& !XY F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pY ]Ɋ& !XY F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hY ]Ɋ& !XY F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hY ]Ɋ& !XY F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**Y ]Ɋ&  !Y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb889042-4c35-4064-b46a-81956d0318c0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f7d7949-9a0c-4e71-b39b-cf2ea3813f25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35yX ]Ɋ&  CX F&ommandPath= CommandLine=wP**r.VW ]Ɋ& 7!X.VWr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36523527-a77c-4c86-bd65-f463cbc71125 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(\bDzMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d ** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@" ]Ɋ& !" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3186b1f4-1400-446e-8302-3bfecf512ebd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b82aee44-0a45-48ef-a475-f99ed658cb50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**P ]Ɋ& )!XP F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**P ]Ɋ& A!XP F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**P ]Ɋ& =!XP F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c7**P ]Ɋ& 5!XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**P ]Ɋ& 5!XP F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**P ]Ɋ& 7!XP F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0P ]Ɋ& !P F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@"Q ]Ɋ& !"Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73701a34-21dc-4e0a-a528-51d412c13757 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e0263b8a-fd0e-4d8c-8347-3150d336e8af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X"Q ]Ɋ& !X"Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p"Q ]Ɋ& !X"Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h"Q ]Ɋ& !X"Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`"Q ]Ɋ& !X"Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`"Q ]Ɋ& !X"Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Q ]Ɋ& !X"Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**"Q ]Ɋ&  !"Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"Q ]Ɋ& !"Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f77dd79-ed58-48a6-b299-512fb72314d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=283740ac-d4f6-4008-a40f-ed34db93c191 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8R ]Ɋ& !XR F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PR ]Ɋ& !XR F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HR ]Ɋ& !XR F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HR ]Ɋ& !XR F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08437452-e77a-49ec-a734-40491be66f73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03748201-34e8-40a6-a96a-fb18d5f0012e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XR ]Ɋ& !XR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pR ]Ɋ& !XR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hR ]Ɋ& !XR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`R ]Ɋ& !XR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`R ]Ɋ& !XR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**`R ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**R ]Ɋ& !R F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**R ]Ɋ& !R F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a112de3-a25a-4ce7-925b-6b4740e6e511 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f795954d-3847-472b-a582-e21b464e9839 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(O"S ]Ɋ& !XO"S F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@O"S ]Ɋ& !XO"S F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@O"S ]Ɋ& !XO"S F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=195@**8O"S ]Ɋ& !XO"S F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8O"S ]Ɋ& !XO"S F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8O"S ]Ɋ& !XO"S F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**O"S ]Ɋ& !O"S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e6c28db-42cd-412f-a565-34f6619abc31 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c060b8-b541-46dc-bbf5-a097791c1360 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XT ]Ɋ& !XT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pT ]Ɋ& !XT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pT ]Ɋ& !XT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 5-XT F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk::'KeMu=VysMc&&**h T ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XT F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h T ]Ɋ& !XT  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h T ]Ɋ& !XT  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch** T ]Ɋ&  !T  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** U ]Ɋ& !U  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e98bfe15-8a99-4346-ac28-15d9deeecaa3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a58ccee-60db-4222-a877-f552c7f3e0a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst** U ]Ɋ& '!XU  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**U ]Ɋ& ?!XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**U ]Ɋ& ;!XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**U ]Ɋ& 3!XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**U ]Ɋ& 3!XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**U ]Ɋ& 5!XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0U ]Ɋ& !U F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ֵV ]Ɋ& !ֵV F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f916415-8bee-4da6-9241-02f97f6ffe9f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4ffa3281-9376-4856-8bce-38513b4debf5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**;j ]Ɋ& )!X;j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;j ]Ɋ& A!X;j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**;j ]Ɋ& =!X;j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**;j ]Ɋ& 5!X;j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **;j ]Ɋ& 5!X;j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**;j ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;j ]Ɋ& !;j F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**@=j ]Ɋ& !=j F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f10f68b-4825-46e9-991b-69ec9391935f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2495fbe2-865d-4b35-9dbf-73f3fd7f1314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**XA>j ]Ɋ& !XA>j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pA>j ]Ɋ& !XA>j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hA>j ]Ɋ& !XA>j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` A>j ]Ɋ& !XA>j  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`!A>j ]Ɋ& !XA>j! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h"A>j ]Ɋ& !XA>j" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**#A>j ]Ɋ&  !A>j# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**$A>j ]Ɋ& !A>j$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0faf503-d9f9-4d35-b7c7-19255f2b3aa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=432f47b9-89d0-4046-a992-0d5460821e2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8%A>j ]Ɋ& !XA>j% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-8**P&A>j ]Ɋ& !XA>j& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3P**P'A>j ]Ɋ& !XA>j' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H(A>j ]Ɋ& !XA>j( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H)A>j ]Ɋ& !XA>j) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H*A>j ]Ɋ& !XA>j* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**+A>j ]Ɋ& !A>j+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**,>j ]Ɋ& !>j, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6c408d7-5ce4-4f31-b850-80f8d2bbae98 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c706afc-9f47-4767-a416-03cc2006b13f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X->j ]Ɋ& !X>j- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p.>j ]Ɋ& !X>j. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Op**h/>j ]Ɋ& !X>j/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`0>j ]Ɋ& !X>j0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`1>j ]Ɋ& !X>j1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`2>j ]Ɋ& !X>j2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**3>j ]Ɋ& !>j3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**4>j ]Ɋ& !>j4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=599a68e2-3af3-42f6-b742-03bfd8ca9458 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da81694a-1d57-43c3-adfb-eca54e1b292f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(5>j ]Ɋ& !X>j5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@6>j ]Ɋ& !X>j6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@7>j ]Ɋ& !X>j7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**88>j ]Ɋ& !X>j8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**89>j ]Ɋ& !X>j9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8:>j ]Ɋ& !X>j: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk;l;l@bvMu=VysMc&&** ;>j ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!>j; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **< @j ]Ɋ& ! @j< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b00da2cf-c102-401f-a2a8-8a1739ef731f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=13ce94aa-3613-417e-bbfd-1d43e548d81d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X=Q@j ]Ɋ& !XQ@j= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p>Q@j ]Ɋ& !XQ@j> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p?Q@j ]Ɋ& !XQ@j? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h@Q@j ]Ɋ& !XQ@j@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hAQ@j ]Ɋ& !XQ@jA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hBQ@j ]Ɋ& !XQ@jB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3cd687a7-de64-4ce8-9015-c7e6fab76f20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**C**8]5 ]Ɋ& !X5] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**P^5 ]Ɋ& !X5^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**P_5 ]Ɋ& !X5_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**H`5 ]Ɋ& !X5` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Ha5 ]Ɋ& !X5a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hb5 ]Ɋ& !X5b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**c5 ]Ɋ& !5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**d5 ]Ɋ& !5d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4fdc215a-6a87-4bb4-9486-7fbf029b7387 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4afa9f9-d152-4dae-9da5-903bad21a51b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xeb6 ]Ɋ& !Xb6e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pfb6 ]Ɋ& !Xb6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hgb6 ]Ɋ& !Xb6g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`hb6 ]Ɋ& !Xb6h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`ib6 ]Ɋ& !Xb6i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`jb6 ]Ɋ& !Xb6j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kb6 ]Ɋ& !b6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**lb6 ]Ɋ& !b6l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4f6d784-61cf-4376-b4eb-a6c999a38104 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=385b1f8a-e8b3-48eb-b5b5-52038a0b008d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXb6m F&ndPath= CommandLine=8F& ElfChnkmmdRYMu=VysMc&&**0 mb6 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xb6m F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@nb6 ]Ɋ& !Xb6n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@ob6 ]Ɋ& !Xb6o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8pb6 ]Ɋ& !Xb6p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8qb6 ]Ɋ& !Xb6q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 8**8rb6 ]Ɋ& !Xb6r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**sb6 ]Ɋ& !b6s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Q@**t7 ]Ɋ& !7t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98660fc4-d227-42d7-9c98-1f68abdacfc5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e63a37d-4f2f-43ab-9c59-0dca1e3a1732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Xu8 ]Ɋ& !X8u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**pv8 ]Ɋ& !X8v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pw8 ]Ɋ& !X8w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hx8 ]Ɋ& !X8x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hy8 ]Ɋ& !X8y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hz8 ]Ɋ& !X8z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{8 ]Ɋ&  !8{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**|9 ]Ɋ& !9| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dff36e05-720e-4b0e-a096-8ace9519a1d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae8c5cf0-56e0-49a5-a0b6-e61b164e13b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=325-**}9 ]Ɋ& '!X9} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~9 ]Ɋ& ?!X9~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**9 ]Ɋ& ;!X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **9 ]Ɋ& 3!X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**9 ]Ɋ& 3!X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9 ]Ɋ& 5!X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**09 ]Ɋ& !9 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@: ]Ɋ& !: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14d1ead8-ae7f-4e32-b26d-f6c86fa96764 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9f0eb862-c379-4cf3-a542-a05e515863d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**W  ]Ɋ& )!XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**W  ]Ɋ& A!XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**W  ]Ɋ& =!XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**W  ]Ɋ& 5!XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-3**W  ]Ɋ& 5!XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**W  ]Ɋ& 7!XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0W  ]Ɋ& !W  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@W  ]Ɋ& !W  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54b13465-da4b-49fb-8f7d-f3812fc47ab8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2bd7170-64d6-4b38-ace7-433bb0a00188 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^p**hW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`W  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`W  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**W  ]Ɋ&  !W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0992ba3-a3e4-4407-a198-6eb944c7a3ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b15d405d-069e-4671-ad6e-7c60c51b1671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8GW  ]Ɋ& !XGW  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8**PGW  ]Ɋ& !XGW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGW  ]Ɋ& !XGW  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HGW  ]Ɋ& !XGW  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HGW  ]Ɋ& !XGW  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**GW  ]Ɋ& !GW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GW  ]Ɋ& !GW  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8803d35-ea07-4c6a-b32b-22656347cd56 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf8bfe19-609d-43af-b0cd-a20f91f584c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X޲W  ]Ɋ& !X޲W  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X޲W  F& F&ndPath= CommandLine=8F& ElfChnk@M#Z媙Mu=VysMc&&**p޲W  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X޲W  F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h޲W  ]Ɋ& !X޲W  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`޲W  ]Ɋ& !X޲W  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`޲W  ]Ɋ& !X޲W  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f`**`޲W  ]Ɋ& !X޲W  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**޲W  ]Ɋ& !޲W  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**޲W  ]Ɋ& !޲W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=868ea443-8ac6-42d5-a8b2-e060e423a517 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a26e7b11-9d55-4a54-9d48-47dc721277b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**(tKW  ]Ɋ& !XtKW  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@tKW  ]Ɋ& !XtKW  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@tKW  ]Ɋ& !XtKW  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8tKW  ]Ɋ& !XtKW  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8tKW  ]Ɋ& !XtKW  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8tKW  ]Ɋ& !XtKW  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**tKW  ]Ɋ& !tKW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**|W  ]Ɋ& !|W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b156591d-8f56-4159-b483-340d30de7be0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8a9f1873-57c9-48f1-a090-2157c18f0c62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XW  ]Ɋ& !XW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pW  ]Ɋ& !XW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ep**pW  ]Ɋ& !XW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hW  ]Ɋ& !XW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hW  ]Ɋ& !XW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hW  ]Ɋ& !XW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**UAW  ]Ɋ&  !UAW  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W  ]Ɋ& !W  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12c6887b-5563-460c-9161-2b1a8d394d1c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=864b6910-00fa-4554-bf44-a78dff41c46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e3**rW  ]Ɋ& '!XrW  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**rW  ]Ɋ& ?!XrW  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**rW  ]Ɋ& ;!XrW  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**rW  ]Ɋ& 3!XrW  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**rW  ]Ɋ& 3!XrW  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**rW  ]Ɋ& 5!XrW  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0rW  ]Ɋ& !rW  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ W  ]Ɋ& ! W  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=198d6d1c-d76e-4de1-b596-695a78b034a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d55677b0-604f-4130-b613-8f804cd6e2d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**λ  ]Ɋ& )!Xλ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**λ  ]Ɋ& A!Xλ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**λ  ]Ɋ& =!Xλ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **λ  ]Ɋ& 5!Xλ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=07**λ  ]Ɋ& 5!Xλ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**λ  ]Ɋ& 7!Xλ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ϻ  ]Ɋ& !ϻ  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@)л  ]Ɋ& !)л  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d29fc-d625-4b71-b241-604d5bce32b4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2d00bf7-2d40-416f-90f7-dea5b9567e78 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XFл  ]Ɋ& !XFл  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hFл  ]Ɋ& !XFл  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Fл  ]Ɋ& !XFл  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Fл  ]Ɋ& !XFл  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hFл  ]Ɋ& !XFл  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Fл  ]Ɋ&  !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f3374c6-9c1c-4b5b-bd05-025336c4bd6b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dd22f9d-500a-4a54-adc3-ba073d1e1f4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8Fл  ]Ɋ& !XFл  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**PFл  ]Ɋ& !XFл  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk )0&FRMu=VysMc&&**PFл  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XFл  F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HFл  ]Ɋ& !XFл  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HFл  ]Ɋ& !XFл  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HFл  ]Ɋ& !XFл  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**Fл  ]Ɋ& !Fл  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**Fл  ]Ɋ& !Fл  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2703510a-207a-4c03-b1e5-720c44abd0c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8012e690-b4d7-44c7-97ff-7e51de28f889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XZѻ  ]Ɋ& !XZѻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pZѻ  ]Ɋ& !XZѻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hZѻ  ]Ɋ& !XZѻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`Zѻ  ]Ɋ& !XZѻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=30`**`Zѻ  ]Ɋ& !XZѻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`Zѻ  ]Ɋ& !XZѻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**Zѻ  ]Ɋ& !Zѻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e991d345-5cfd-4114-b717-e7e86456b991 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c9f347c-2f8c-4958-b078-8ab8131ece7d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(Zѻ  ]Ɋ& !XZѻ  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@Zѻ  ]Ɋ& !XZѻ  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Zѻ  ]Ɋ& !XZѻ  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8Zѻ  ]Ɋ& !XZѻ  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8Zѻ  ]Ɋ& !XZѻ  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8Zѻ  ]Ɋ& !XZѻ  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Zѻ  ]Ɋ& !Zѻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** һ  ]Ɋ& ! һ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d80ca26a-5087-467f-87fe-c37da0057838 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7432d54a-a455-41d2-acf1-ded26609e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X$ӻ  ]Ɋ& !X$ӻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p$ӻ  ]Ɋ& !X$ӻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p$ӻ  ]Ɋ& !X$ӻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h$ӻ  ]Ɋ& !X$ӻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h$ӻ  ]Ɋ& !X$ӻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h$ӻ  ]Ɋ& !X$ӻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**$ӻ  ]Ɋ&  !$ӻ  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& !UԻ  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efc021b1-844d-4eb5-8781-f671eee852c7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7be0fbac-0358-40e9-ae0e-962d3fcef025 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**UԻ  ]Ɋ& '!XUԻ  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**UԻ  ]Ɋ& ?!XUԻ  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**UԻ  ]Ɋ& ;!XUԻ  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 3!XUԻ  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **UԻ  ]Ɋ& 3!XUԻ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UԻ  ]Ɋ& 5!XUԻ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0UԻ  ]Ɋ& !UԻ  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@dԻ  ]Ɋ& !dԻ  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d88124db-7392-4a52-8d97-aa0ad80879fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2b9277ed-ecc0-4d84-8cae-97c90aaced57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**,x ]Ɋ& )!X,x F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**,x ]Ɋ& A!X,x F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**,x ]Ɋ& =!X,x F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**,x ]Ɋ& 5!X,x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**,x ]Ɋ& 5!X,x F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**,x ]Ɋ& 7!X,x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0,x ]Ɋ& !,x F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@YIx ]Ɋ& !YIx F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4684cae7-a106-42c4-9bf3-afb4cefe1b8a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=90085dab-ef54-4db5-85f6-c3d2fbd86096 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XYIx ]Ɋ& !XYIx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1fX**pYIx ]Ɋ& !XYIx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hYIx ]Ɋ& !XYIx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk//(?>ldMu=VysMc&&**hYIx ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XYIx F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fh**`YIx ]Ɋ& !XYIx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hYIx ]Ɋ& !XYIx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**YIx ]Ɋ&  !YIx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f943a2a1-1378-4214-a415-cb658ed1d4c8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae7acff0-e65f-408a-878b-77d2d4218bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8x ]Ɋ& !Xx F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Px ]Ɋ& !Xx F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx ]Ɋ& !Xx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H x ]Ɋ& !Xx  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H x ]Ɋ& !Xx  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H** x ]Ɋ& !x  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** zx ]Ɋ& !zx  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ede1692b-72e8-416f-ba41-ae3cc44b6e78 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cab634aa-57d5-49be-a59d-154ab391d214 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X zx ]Ɋ& !Xzx  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**pzx ]Ɋ& !Xzx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**hzx ]Ɋ& !Xzx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`zx ]Ɋ& !Xzx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`zx ]Ɋ& !Xzx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`zx ]Ɋ& !Xzx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zx ]Ɋ& !zx F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b96dbe96-c7ab-47fb-9aa6-2815badad53a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc56d2d1-d256-4e70-9a90-a550571ae195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(zx ]Ɋ& !Xzx F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@zx ]Ɋ& !Xzx F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@zx ]Ɋ& !Xzx F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8zx ]Ɋ& !Xzx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8zx ]Ɋ& !Xzx F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8788**8zx ]Ɋ& !Xzx F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**zx ]Ɋ& !zx F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x ]Ɋ& !x F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e44944bc-255f-4814-b776-03503f0c8a24 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=53407b1b-ec67-47d6-a44b-592290d31649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **Xx ]Ɋ& !Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**px ]Ɋ& !Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**px ]Ɋ& !Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h x ]Ɋ& !Xx  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h!x ]Ɋ& !Xx! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h"x ]Ɋ& !Xx" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#x ]Ɋ&  !x# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$vux ]Ɋ& !vux$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ebde328-3283-4bd5-8e2e-dcf5321af0ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d882c6ec-c983-4a9d-9118-87fbb8acc3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **%x ]Ɋ& '!Xx% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**&x ]Ɋ& ?!Xx& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**'x ]Ɋ& ;!Xx' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**(x ]Ɋ& 3!Xx( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**)x ]Ɋ& 3!Xx) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS***x ]Ɋ& 5!Xx* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0+x ]Ɋ& !x+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@,:?x ]Ɋ& !:?x, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b2934ca-92c0-45c2-aa7d-352f3f89fa84 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e3f402d-584d-4365-ad3f-840f9d21b9ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**-{ ]Ɋ& )!X{- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**.{ ]Ɋ& A!X{. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**/{ ]Ɋ& =!X{/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnk0`0`p!Mu=VysMc&&**0{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{0 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **1{ ]Ɋ& 5!X{1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**2{ ]Ɋ& 7!X{2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**03{ ]Ɋ& !{3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@4 ]Ɋ& !4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c232221c-100e-44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c59c7cc-a2d4-448f-8217-4bbbb1a3f1bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d4@**X5> ]Ɋ& !X>5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p6> ]Ɋ& !X>6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72ep**h7> ]Ɋ& !X>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`8> ]Ɋ& !X>8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9> ]Ɋ& !X>9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h:> ]Ɋ& !X>: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**;> ]Ɋ&  !>; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**<> ]Ɋ& !>< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60d9001-51ba-403b-9b94-9ba34b6ffa31 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d30df1cb-5e99-4a83-b6b6-6fd16093b8df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8= ]Ɋ& !X= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P? ]Ɋ& !X? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H@ ]Ɋ& !X@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HA ]Ɋ& !XA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HB ]Ɋ& !XB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=15bH**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58c4b859-b0d3-42b9-8b03-98f9a7c06144 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd723b41-5ff0-4b66-b39f-048a72a90cb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**XEk ]Ɋ& !XkE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e449X**pFk ]Ɋ& !XkF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hGk ]Ɋ& !XkG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Hk ]Ɋ& !XkH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`Ik ]Ɋ& !XkI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`Jk ]Ɋ& !XkJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**Kk ]Ɋ& !kK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Lk ]Ɋ& !kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=179f2594-5413-4934-964b-a9779591a4cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7dac10b-cc09-49a2-9aef-ac186488218d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4bc**(MI ]Ɋ& !XIM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@NI ]Ɋ& !XIN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@OI ]Ɋ& !XIO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8PI ]Ɋ& !XIP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8QI ]Ɋ& !XIQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8RI ]Ɋ& !XIR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**SI ]Ɋ& !IS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5d5b27d-fc30-4dfd-a0e9-4e17402fec1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=363af690-f70c-428c-9a86-03ec0b73ca8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XUC ]Ɋ& !XCU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pVC ]Ɋ& !XCV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pWC ]Ɋ& !XCW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hXC ]Ɋ& !XCX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hYC ]Ɋ& !XCY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hZC ]Ɋ& !XCZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fah**[C ]Ɋ&  !C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**\ ]Ɋ& !\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=083a5a94-065e-457f-992d-4767fe887c7e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ae6532b-6f21-42fb-bafc-4d1ed9ab5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**^ ]Ɋ& ?!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**_ ]Ɋ& ;!X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**` ]Ɋ& 3!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXa F&44c3-8932-fb2ce54dba1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX{0 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XYIx F&dLine=8F& ElfChnkaaHO·eMMu=VysMc&&** a ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xa F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **b ]Ɋ& 5!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={**0c ]Ɋ& !c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=930**@d  ]Ɋ& ! d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58a4e5f3-0165-48a5-8e91-1566b64a418d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f60c585e-9a80-49d7-a148-d7f25ae04bce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**e; ]Ɋ& )!X;e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f; ]Ɋ& A!X;f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**g; ]Ɋ& =!X;g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**h; ]Ɋ& 5!X;h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b**i; ]Ɋ& 5!X;i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**j; ]Ɋ& 7!X;j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0k; ]Ɋ& !;k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lĺ; ]Ɋ& !ĺ;l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=773d74e6-4fce-4ecf-a390-fb3586cd358e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=884d30cb-1685-44df-b9bd-dcceba6d17c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xmĺ; ]Ɋ& !Xĺ;m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pnĺ; ]Ɋ& !Xĺ;n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoĺ; ]Ɋ& !Xĺ;o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pĺ; ]Ɋ& !Xĺ;p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qĺ; ]Ɋ& !Xĺ;q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrĺ; ]Ɋ& !Xĺ;r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**s[S; ]Ɋ&  ![S;s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**t[S; ]Ɋ& ![S;t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=66ef0a81-76b0-4a86-abea-cfd343c7ad29 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b62a5664-1e8b-434e-9ea9-306bfafdfc4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8u[S; ]Ɋ& !X[S;u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pv[S; ]Ɋ& !X[S;v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pw[S; ]Ɋ& !X[S;w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx[S; ]Ɋ& !X[S;x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hy[S; ]Ɋ& !X[S;y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hz[S; ]Ɋ& !X[S;z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{[S; ]Ɋ& ![S;{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|; ]Ɋ& !;| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e542b85-28b3-4ac5-bff8-a00d5e1697dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=971762cf-78dc-4ea4-bee5-9bfc729dd76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}; ]Ɋ& !X;} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p~; ]Ɋ& !X;~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd`**`; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4943c628-8144-4eda-ac8d-c1362ff64abb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69bef2d4-b8fc-4687-8e3b-993e010680c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==36**(; ]Ɋ& !X; F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@; ]Ɋ& !X; F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@; ]Ɋ& !X; F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8; ]Ɋ& !X; F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8; ]Ɋ& !X; F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8; ]Ɋ& !X; F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7721748f-79f2-455f-9445-397d2b6d4100 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=01c06351-b019-466d-bd1b-d47686018d9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X; ]Ɋ& !X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8?`˸$Mu=VysMc&&** ; ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905c4d81-6c71-4682-aa9f-22939ba7520d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h? ]Ɋ& !X? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h? ]Ɋ& !X? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h? ]Ɋ& !X? F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**? ]Ɋ&  !? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**l8 ]Ɋ& !l8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037a7663-a40e-4385-bcb6-517c3df49ab2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c75cbdf-db36-4968-9053-e91820268058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d75** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=539** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@i ]Ɋ& !i F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f3b58c7-5e98-4597-bb0d-d6b3e9aa4039 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=04dce558-6506-42a0-8f11-29fe2cafe892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Ѐ ]Ɋ& )!XЀ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **Ѐ ]Ɋ& A!XЀ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Ѐ ]Ɋ& =!XЀ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**Ѐ ]Ɋ& 5!XЀ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**Ѐ ]Ɋ& 5!XЀ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ѐ ]Ɋ& 7!XЀ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Ѐ ]Ɋ& !Ѐ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@g ]Ɋ& !g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5bcccac7-1d6f-4cc3-b6cf-80756bf92409 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a5135fc-2c02-4e50-847b-44364612c2ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5e520-4d6e-42f4-be02-8bd54a91003a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=10cd5252-ed1a-4f08-a43e-7dfb0d2855fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8J ]Ɋ& !XJ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PJ ]Ɋ& !XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PJ ]Ɋ& !XJ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HJ ]Ɋ& !XJ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HJ ]Ɋ& !XJ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HJ ]Ɋ& !XJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**J ]Ɋ& !J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f21d5b2-27b1-401d-8e12-866ca5d00ba4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=360910f9-8210-4b19-bba8-dc7a2e4cfc2e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X* ]Ɋ& !X* F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p* ]Ɋ& !X* F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h* ]Ɋ& !X* F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`* ]Ɋ& !X* F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`* ]Ɋ& !X* F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`*** ]Ɋ& !* F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a*** ]Ɋ& !* F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31f063ce-0d99-4585-bb61-b328e1bd16bf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa541d28-d8a0-4b39-9b34-6896401bbee5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**({ ]Ɋ& !X{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@{ ]Ɋ& !X{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk((pMu=VysMc&&**8 { ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X{ F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=03**W ]Ɋ& !W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb34c003-1a2b-4585-b4e4-d64d624c9a0f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf10f4c2-a179-4fa7-b88f-f158ab753044 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XH ]Ɋ& !XH F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pH ]Ɋ& !XH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pH ]Ɋ& !XH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hH ]Ɋ& !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hH ]Ɋ& !XH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hH ]Ɋ& !XH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8-h**H ]Ɋ&  !H F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**ާ ]Ɋ& !ާ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ff30ccef-7269-457d-9556-bd8d2e541a45 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=552e8b58-41df-4802-842c-096e71fcb058 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**u@ ]Ɋ& '!Xu@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**u@ ]Ɋ& ?!Xu@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**u@ ]Ɋ& ;!Xu@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**u@ ]Ɋ& 3!Xu@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** u@ ]Ɋ& 3!Xu@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp** u@ ]Ɋ& 5!Xu@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0 u@ ]Ɋ& !u@  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@ q ]Ɋ& !q  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16f11c6e-f445-49fd-8a4a-e4f3bd4af767 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9a53fe87-f4f4-4673-88f4-1c8dc15d6709 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@** BKN ]Ɋ& )!XBKN  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**BKN ]Ɋ& A!XBKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**BKN ]Ɋ& =!XBKN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**BKN ]Ɋ& 5!XBKN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**BKN ]Ɋ& 5!XBKN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**BKN ]Ɋ& 7!XBKN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0\KN ]Ɋ& !\KN F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@sLN ]Ɋ& !sLN F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27fdb5a2-44a5-4f46-adad-9dbbf0acc7b9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9297f52a-55e0-4d1b-b1fa-6bb274de87f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6e-@**X MN ]Ɋ& !X MN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p MN ]Ɋ& !X MN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h MN ]Ɋ& !X MN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5h**` MN ]Ɋ& !X MN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**` MN ]Ɋ& !X MN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h MN ]Ɋ& !X MN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph** MN ]Ɋ&  ! MN F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru** MN ]Ɋ& ! MN F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd9b57-0f34-442d-9984-2cc25b60cf4e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de55cc96-7e18-4303-853c-7cf5d2dd323d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8MN ]Ɋ& !XMN F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PMN ]Ɋ& !XMN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PMN ]Ɋ& !XMN F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H MN ]Ɋ& !XMN  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bd16H**H!MN ]Ɋ& !XMN! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-bb6H**H"MN ]Ɋ& !XMN" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce-H**#MN ]Ɋ& !MN# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6bf**$MN ]Ɋ& !MN$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a519dbef-e4fb-4cde-9977-6598db62b548 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b134f794-131c-484e-9b40-8fc7a9dd65d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**X%MN ]Ɋ& !XMN% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p&MN ]Ɋ& !XMN& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h'MN ]Ɋ& !XMN' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`(MN ]Ɋ& !XMN( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXMN) F&wid@ 65535 Eng ]Ɋ& ndX{ F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X? F&aceId=349d7535-a486-44a5-b47b-a2fbb28b0799 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk)Z)ZhL<97Mu=VysMc&&**h)MN ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XMN) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`*MN ]Ɋ& !XMN* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**+MN ]Ɋ& !MN+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**,MN ]Ɋ& !MN, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4edb2b1-16fb-4825-97f9-0ec284baad51 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00573e81-f5a0-4765-89c4-8a2cea8a3f44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(-=NN ]Ɋ& !X=NN- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.=NN ]Ɋ& !X=NN. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@/=NN ]Ɋ& !X=NN/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80=NN ]Ɋ& !X=NN0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81=NN ]Ɋ& !X=NN1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**82=NN ]Ɋ& !X=NN2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**3=NN ]Ɋ& !=NN3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**4LNN ]Ɋ& !LNN4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad335f1-1bfc-404e-94bb-fe2a3fab9715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c007f07d-461f-4adb-8127-49a943670f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X5PN ]Ɋ& !XPN5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p6PN ]Ɋ& !XPN6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p7PN ]Ɋ& !XPN7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h8PN ]Ɋ& !XPN8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h9PN ]Ɋ& !XPN9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h:PN ]Ɋ& !XPN: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**;PN ]Ɋ&  !PN; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**<8QN ]Ɋ& !8QN< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e39918df-c79f-4453-84e9-f9ca831825de HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb02e2f2-9580-4de2-b066-5baecdcb6cee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**=8QN ]Ɋ& '!X8QN= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**>8QN ]Ɋ& ?!X8QN> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**?8QN ]Ɋ& ;!X8QN? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@8QN ]Ɋ& 3!X8QN@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==27**A8QN ]Ɋ& 3!X8QNA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**B8QN ]Ɋ& 5!X8QNB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f4**0C8QN ]Ɋ& !8QNC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@DiRN ]Ɋ& !iRND F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40ebf698-89f8-4b1e-b9d5-e6772a19c396 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d3e18ffe-7052-4348-a9b9-fc5faae201b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**E ]Ɋ& !XE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**F ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**G ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= M**H ]Ɋ&  !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**I ]Ɋ&  !XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=duc**J ]Ɋ&  !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**K ]Ɋ& ]!K F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=60**L@ ]Ɋ& i!@L F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4af2e0c4-e67a-40d6-b037-8635a62b5438 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=ed27adc1-23b1-4edf-adfc-3bdf26f1ce02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=1**Mw ]Ɋ& )!XwM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=MN**Nw ]Ɋ& A!XwN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ow ]Ɋ& =!XwO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**Pw ]Ɋ& 5!XwP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Qw ]Ɋ& 5!XwQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gi**Rw ]Ɋ& 7!XwR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Sw ]Ɋ& !wS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@Tw ]Ɋ& !wT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dde7b3f9-37b2-4bd7-b1cb-d0237f2af5cf HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4171f354-10a7-407b-9275-a35a78ee2bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=usS@**XUw ]Ɋ& !XwU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rStX**pVw ]Ɋ& !XwV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Wmp**hWw ]Ɋ& !XwW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eh**`Xw ]Ɋ& !XwX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**`Yw ]Ɋ& !XwY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h`**hZw ]Ɋ& !XwZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h F& ]Ɋ& Piw[ F&mmandType= ScriptName= CommandPath= CommandLine=ElfChnk[[L Ptn(Mu=VysMc&&**[w ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !w[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\w ]Ɋ& !w\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=127fb154-efd5-499b-8efe-19c11a6e80c5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4609a55c-796d-4bc6-a38c-52a8a9a5190f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F**8]w ]Ɋ& !Xw] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P^w ]Ɋ& !Xw^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=anP**P_w ]Ɋ& !Xw_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-objP**H`w ]Ɋ& !Xw` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s['iH**Haw ]Ɋ& !Xwa F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppH**Hbw ]Ɋ& !Xwb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedH**cw ]Ɋ& !wc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**dw ]Ɋ& !wd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbd72d5a-fcda-41c7-8a31-81b97ab4eebc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c9e3bdc-1574-40d8-8712-685b848ef2c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xew ]Ɋ& !Xwe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pfw ]Ɋ& !Xwf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfo]p**hgw ]Ɋ& !Xwg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lth**`hw ]Ɋ& !Xwh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= S`**`iw ]Ɋ& !Xwi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pi`**`jw ]Ɋ& !Xwj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=D`**kw ]Ɋ& !wk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**l2Ow ]Ɋ& !2Owl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e36a251c-c4b6-4b0a-8fec-38668e879027 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52d8cf8c-17c2-4ff6-8a0e-551786b3789c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m2Ow ]Ɋ& !X2Owm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@n2Ow ]Ɋ& !X2Own F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@o2Ow ]Ɋ& !X2Owo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:\S@**8p2Ow ]Ɋ& !X2Owp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3998**8q2Ow ]Ɋ& !X2Owq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8r2Ow ]Ɋ& !X2Owr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==48**s2Ow ]Ɋ& !2Ows F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= O**tw ]Ɋ& !wt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d24ff66-a90b-4b16-aebc-e7a5cb9a9dac HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=04f31d02-d928-4a34-8aba-94dd1c4386a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultu**Xuw ]Ɋ& !Xwu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6X**pvw ]Ɋ& !Xwv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pww ]Ɋ& !Xww F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Patp**hxw ]Ɋ& !Xwx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hyw ]Ɋ& !Xwy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzw ]Ɋ& !Xwz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{w ]Ɋ&  !w{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=***|w ]Ɋ& !w| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d3f8aea-e93c-4386-b84f-08f5585955c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03b861a9-0cd3-46de-9c19-dbdbdb99e349 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**}w ]Ɋ& '!Xw} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**~w ]Ɋ& ?!Xw~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**w ]Ɋ& ;!Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==1 **w ]Ɋ& 3!Xw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 3!Xw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **w ]Ɋ& 5!Xw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp**0w ]Ɋ& !w F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e70**@w ]Ɋ& !w F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b0ccd34-ef3a-40f8-be54-4514d178a3a1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4fd62f76-df96-4a27-953e-be19a76d25b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= @**x ]Ɋ& )!Xx F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspa**x ]Ɋ& A!Xx F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me, **x ]Ɋ& =!Xx F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**x ]Ɋ& 5!Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1a**x ]Ɋ& 5!Xx F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=so**x ]Ɋ& 7!Xx F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0XWy ]Ɋ& !XWy F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkX1ѢuMu=VysMc&&**@y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!y F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc6X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`z ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`z ]Ɋ& !Xz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**z ]Ɋ&  !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24b46f0d-4ec7-46d5-a303-3e5171397681 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dee7215c-bb51-4849-ab6c-c5a99a4bc03e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8z ]Ɋ& !Xz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pz ]Ɋ& !Xz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hz ]Ɋ& !Xz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hz ]Ɋ& !Xz F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hz ]Ɋ& !Xz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**z ]Ɋ& !z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0da45946-776a-43cd-a56d-fcdb9102c959 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=251520fc-3bca-4d58-8b09-cbe7f8e3c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X!{ ]Ɋ& !X!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-551X**p!{ ]Ɋ& !X!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h!{ ]Ɋ& !X!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`!{ ]Ɋ& !X!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b-`**`!{ ]Ɋ& !X!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`!{ ]Ɋ& !X!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**!{ ]Ɋ& !!{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfb4278e-8951-44d6-885b-0982da967802 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00594839-174a-4324-b1b1-4896c8dd288d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(!{ ]Ɋ& !X!{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@!{ ]Ɋ& !X!{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@!{ ]Ɋ& !X!{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8!{ ]Ɋ& !X!{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8!{ ]Ɋ& !X!{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8!{ ]Ɋ& !X!{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**!{ ]Ɋ& !!{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **HR| ]Ɋ& !HR| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102925a6-20da-448d-b74e-06e7d9e22e11 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e472164d-8974-4a73-8608-3fcf2091cbd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**Xu} ]Ɋ& !Xu} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pu} ]Ɋ& !Xu} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu} ]Ɋ& !Xu} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hu} ]Ɋ& !Xu} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hu} ]Ɋ& !Xu} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hu} ]Ɋ& !Xu} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**u} ]Ɋ&  !u} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ~ ]Ɋ& ! ~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a489c5b9-634b-4dba-b319-fa7b7c0d6d04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=032c19ef-872e-4153-98b6-c174fc070ce4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnkp5GMu=VysMc&&**@ 9M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!9M F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10086d6e-5ad0-4c71-8b75-1f97ce09542c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **,V?! ]Ɋ& )!X,V?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **,V?! ]Ɋ& A!X,V?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**,V?! ]Ɋ& =!X,V?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,V?! ]Ɋ& 5!X,V?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,V?! ]Ɋ& 5!X,V?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**,V?! ]Ɋ& 7!X,V?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0,V?! ]Ɋ& !,V?! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@^W?! ]Ɋ& !^W?! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3899a4b9-49f7-444e-bc59-cbfa01354e34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e06b7b9-2447-4245-a016-5aafea978193 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X^W?! ]Ɋ& !X^W?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p^W?! ]Ɋ& !X^W?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h^W?! ]Ɋ& !X^W?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`^W?! ]Ɋ& !X^W?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`^W?! ]Ɋ& !X^W?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h^W?! ]Ɋ& !X^W?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**^W?! ]Ɋ&  !^W?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **^W?! ]Ɋ& !^W?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8afabe3d-1fa8-4add-bd8f-776344aeb38a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2718ee48-d69a-47c0-841a-753a4b82476f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8iY?! ]Ɋ& !XiY?! F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PiY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PiY?! ]Ɋ& !XiY?! F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HiY?! ]Ɋ& !XiY?! F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HiY?! ]Ɋ& !XiY?! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HiY?! ]Ɋ& !XiY?! F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**iY?! ]Ɋ& !iY?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b2d5d25-96a2-485e-90d9-ef65d55df5c8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ba30705-657e-4650-80a5-05ed8dfd586d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XiY?! ]Ɋ& !XiY?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**piY?! ]Ɋ& !XiY?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hiY?! ]Ɋ& !XiY?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`iY?! ]Ɋ& !XiY?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`iY?! ]Ɋ& !XiY?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`iY?! ]Ɋ& !XiY?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**iY?! ]Ɋ& !iY?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**YZ?! ]Ɋ& !YZ?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b6a45b-d802-4dc5-a5de-bb14a44c9176 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0af057d9-8741-417e-998f-7dcf2de269ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(YZ?! ]Ɋ& !XYZ?! F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@YZ?! ]Ɋ& !XYZ?! F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@YZ?! ]Ɋ& !XYZ?! F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8YZ?! ]Ɋ& !XYZ?! F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8YZ?! ]Ɋ& !XYZ?! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8YZ?! ]Ɋ& !XYZ?! F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**YZ?! ]Ɋ& !YZ?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**Z?! ]Ɋ& !Z?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f1bfd540-504a-4e06-bbee-787779ffedce HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3f4c9986-7132-4d5d-8d6b-874505bcd773 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X_?! ]Ɋ& !X_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p_?! ]Ɋ& !X_?! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p_?! ]Ɋ& !X_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h_?! ]Ɋ& !X_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h_?! ]Ɋ& !X_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7ceh**h_?! ]Ɋ& !X_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**_?! ]Ɋ&  !_?! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**J_?! ]Ɋ& !J_?! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3244c838-bbe8-408b-aa6c-1dd305373c30 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d93439a8-70d9-49a4-9102-5370f0e7b57b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**J_?! ]Ɋ& '!XJ_?! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXJ_?! F&=4.0 RunspaceId=7e686d54-2ff6-4099-863d-79306b9e2a27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os9M F&on=4.0 HostId=cb84d766-cf98-4a59-8201-c536e6b63237 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8e728ea3-568f-49e2-9c10-c3710e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk 0RTLCMu=VysMc&&** J_?! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XJ_?! F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **J_?! ]Ɋ& ;!XJ_?! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**J_?! ]Ɋ& 3!XJ_?! F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**J_?! ]Ɋ& 3!XJ_?! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**J_?! ]Ɋ& 5!XJ_?! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0J_?! ]Ɋ& !J_?! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@w`?! ]Ɋ& !w`?! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d369f531-7efe-4600-b794-c65756dde094 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a13a792e-dbf9-45d4-8be9-d326d077b836 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**" ]Ɋ& )!X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**" ]Ɋ& A!X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**" ]Ɋ& =!X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**" ]Ɋ& 5!X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=be**" ]Ɋ& 5!X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**" ]Ɋ& 7!X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0" ]Ɋ& !" F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@2" ]Ɋ& !2" F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2cde84a-1101-4021-a2da-5b35c94aad10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae73fcf2-4fde-447b-bfee-dba63c449ed1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iYp**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**" ]Ɋ&  !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ڸ**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14187541-1c79-4122-a430-68131b28df1b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0043f964-8de0-46f8-9b34-583f73dd3a00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8" ]Ɋ& !X" F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P" ]Ɋ& !X" F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H" ]Ɋ& !X" F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H " ]Ɋ& !X"  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** " ]Ɋ& !"  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**** c" ]Ɋ& !c"  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a3ff7a2-5785-4ba6-a9e8-2e26064e9038 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6fc0b7b-9afe-4810-9795-e84cec9c3ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X c" ]Ɋ& !Xc"  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pc" ]Ɋ& !Xc" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hc" ]Ɋ& !Xc" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`c" ]Ɋ& !Xc" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`c" ]Ɋ& !Xc" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`c" ]Ɋ& !Xc" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c" ]Ɋ& !c" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**c" ]Ɋ& !c" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=929d0da9-1a11-4b44-8698-49b248cf1c60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41ab4b99-ecb4-4357-8f6e-272311aa2020 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(F" ]Ɋ& !XF" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@F" ]Ɋ& !XF" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@F" ]Ɋ& !XF" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8F" ]Ɋ& !XF" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8F" ]Ɋ& !XF" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_8**8F" ]Ɋ& !XF" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**F" ]Ɋ& !F" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**ܔ" ]Ɋ& !ܔ" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f4a03ff-78b7-4609-a47d-69f3f3182b92 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=78d9ba32-c50b-4547-b0f2-b8c8cc00f183 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X " ]Ɋ& !X " F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p " ]Ɋ& !X " F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p " ]Ɋ& !X " F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h " ]Ɋ& !X "  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X "! F&e187ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N0e= CommandPath= CommandLine=ElfChnk!S!Sd[bAMu=VysMc&&**h ! " ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X "! F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h" " ]Ɋ& !X "" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**# " ]Ɋ&  ! "# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**$^" ]Ɋ& !^"$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2ee9337-1163-4695-b59f-3973a9c8abf7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ed39405-58ec-4016-a89f-545421c11b9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**%6" ]Ɋ& '!X6"% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**&6" ]Ɋ& ?!X6"& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**'6" ]Ɋ& ;!X6"' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b35**(6" ]Ɋ& 3!X6"( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)6" ]Ɋ& 3!X6") F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c9***6" ]Ɋ& 5!X6"* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+6" ]Ɋ& !6"+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@,͏" ]Ɋ& !͏", F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d980787-3bd9-4708-8b5b-722c2b7cec5c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d05b8a77-4e12-4c82-bd55-cf8fa1be5a29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-gi$ ]Ɋ& )!Xgi$- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **.gi$ ]Ɋ& A!Xgi$. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**/gi$ ]Ɋ& =!Xgi$/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**0gi$ ]Ɋ& 5!Xgi$0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**1gi$ ]Ɋ& 5!Xgi$1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**2gi$ ]Ɋ& 7!Xgi$2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03gi$ ]Ɋ& !gi$3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@4$ ii$ ]Ɋ& !$ ii$4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6e89f98-752e-4aae-9ac0-83217a133769 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1e798c4-d074-451e-b080-2cd36dcc29a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X5$ ii$ ]Ɋ& !X$ ii$5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p6$ ii$ ]Ɋ& !X$ ii$6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h7$ ii$ ]Ɋ& !X$ ii$7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`8$ ii$ ]Ɋ& !X$ ii$8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`9$ ii$ ]Ɋ& !X$ ii$9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h:$ ii$ ]Ɋ& !X$ ii$: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**;$ ii$ ]Ɋ&  !$ ii$; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**<ii$ ]Ɋ& !ii$< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfa89a7f-d020-4b23-b41c-4dc0149da689 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7b479ae-b92c-4559-865c-17a230318f61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=ii$ ]Ɋ& !Xii$= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P>ii$ ]Ɋ& !Xii$> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P?ii$ ]Ɋ& !Xii$? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H@ii$ ]Ɋ& !Xii$@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HAii$ ]Ɋ& !Xii$A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HBii$ ]Ɋ& !Xii$B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**Cii$ ]Ɋ& !ii$C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**Dii$ ]Ɋ& !ii$D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60a40ba9-5af3-4679-9d07-5674f644ce44 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59dc80be-380d-48bf-a69c-e258a7681623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XEii$ ]Ɋ& !Xii$E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pFii$ ]Ɋ& !Xii$F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hGii$ ]Ɋ& !Xii$G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`Hii$ ]Ɋ& !Xii$H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`Iii$ ]Ɋ& !Xii$I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Jii$ ]Ɋ& !Xii$J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**Kii$ ]Ɋ& !ii$K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**LQ;ji$ ]Ɋ& !Q;ji$L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e594fd1-70a1-4dcd-9fdd-e45699fadaff HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e312706d-de0f-4403-af70-51e8e10de698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(MQ;ji$ ]Ɋ& !XQ;ji$M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@NQ;ji$ ]Ɋ& !XQ;ji$N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@OQ;ji$ ]Ɋ& !XQ;ji$O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8PQ;ji$ ]Ɋ& !XQ;ji$P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8QQ;ji$ ]Ɋ& !XQ;ji$Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8RQ;ji$ ]Ɋ& !XQ;ji$R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**SQ;ji$ ]Ɋ& !Q;ji$S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  ji$T F&ndPath= CommandLine=ElfChnkTTp Mu=VysMc&&** Tji$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!ji$T F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1333bab-668a-44ab-92ae-0a4be14567ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ced85dbc-e602-4d76-ac3c-f0c399a26271 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUli$ ]Ɋ& !Xli$U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**pVli$ ]Ɋ& !Xli$V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pWli$ ]Ɋ& !Xli$W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hXli$ ]Ɋ& !Xli$X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hYli$ ]Ɋ& !Xli$Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hZli$ ]Ɋ& !Xli$Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6h**[li$ ]Ɋ&  !li$[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**\li$ ]Ɋ& !li$\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cff7cf7-4cb6-4d16-bc7a-cdb014460e6e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f331ec-176d-424a-b6f9-a5b44734ba9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**]B6mi$ ]Ɋ& '!XB6mi$] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**^B6mi$ ]Ɋ& ?!XB6mi$^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**_B6mi$ ]Ɋ& ;!XB6mi$_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**`B6mi$ ]Ɋ& 3!XB6mi$` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**aB6mi$ ]Ɋ& 3!XB6mi$a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**bB6mi$ ]Ɋ& 5!XB6mi$b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0cB6mi$ ]Ɋ& !B6mi$c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@dmi$ ]Ɋ& !mi$d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=811265cc-cbfd-4050-b9a7-d487ef3c42a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a5ce03f1-adc8-42ef-8e7c-2a537cbcdf89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**e#9& ]Ɋ& )!X#9&e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**f#9& ]Ɋ& A!X#9&f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**g#9& ]Ɋ& =!X#9&g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**h#9& ]Ɋ& 5!X#9&h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**i#9& ]Ɋ& 5!X#9&i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**j#9& ]Ɋ& 7!X#9&j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0k#9& ]Ɋ& !#9&k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@lP:& ]Ɋ& !P:&l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32f81916-de5d-4d5b-a8f9-2011b7e8ae2c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=78c4208c-9251-493f-9fb2-56dc1313ade9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XmP:& ]Ɋ& !XP:&m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**pnP:& ]Ɋ& !XP:&n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**hoP:& ]Ɋ& !XP:&o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`pP:& ]Ɋ& !XP:&p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`qP:& ]Ɋ& !XP:&q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrP:& ]Ɋ& !XP:&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**sP:& ]Ɋ&  !P:&s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**tn;& ]Ɋ& !n;&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4380bcd0-5128-41c9-9837-5bbf1bd95bb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e262cc4e-6d51-4570-a829-211439df01bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8un;& ]Ɋ& !Xn;&u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pvn;& ]Ɋ& !Xn;&v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pwn;& ]Ɋ& !Xn;&w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hxn;& ]Ɋ& !Xn;&x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hyn;& ]Ɋ& !Xn;&y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hzn;& ]Ɋ& !Xn;&z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=JH**{n;& ]Ɋ& !n;&{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|}<& ]Ɋ& !}<&| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdb1fdff-0441-483d-8950-604ae56bdafe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98764d34-a4f7-471f-ae35-def91f1dad35 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}}<& ]Ɋ& !X}<&} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p~}<& ]Ɋ& !X}<&~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h}<& ]Ɋ& !X}<& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`}<& ]Ɋ& !X}<& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`}<& ]Ɋ& !X}<& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}<& ]Ɋ& !X}<& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**}<& ]Ɋ& !}<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**}<& ]Ɋ& !}<& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae865917-d77b-468f-b25a-905dd63105cc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a14fc828-0149-4c32-b61a-604fda05293c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(<& ]Ɋ& !X<& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk0X&afMu=VysMc&&**H <& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X<& F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@<& ]Ɋ& !X<& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8<& ]Ɋ& !X<& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8<& ]Ɋ& !X<& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8<& ]Ɋ& !X<& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**<& ]Ɋ& !<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=& ]Ɋ& !8=& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0e519ae-a4a6-4352-bd87-6b3a687e3dc8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08c4f3e9-40c7-4cce-8114-fd2b209250c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X?& ]Ɋ& !X?& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p?& ]Ɋ& !X?& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p?& ]Ɋ& !X?& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7f3p**h?& ]Ɋ& !X?& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h?& ]Ɋ& !X?& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B6mh**h?& ]Ɋ& !X?& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?& ]Ɋ&  !?& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**3@& ]Ɋ& !3@& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8d7fcd9-8a46-4bec-ab0b-c5368731a201 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c85114d6-7d0d-4c31-9ba2-65b0e67c3d08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**1@& ]Ɋ& '!X1@& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**1@& ]Ɋ& ?!X1@& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**1@& ]Ɋ& ;!X1@& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**1@& ]Ɋ& 3!X1@& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**1@& ]Ɋ& 3!X1@& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**1@& ]Ɋ& 5!X1@& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **01@& ]Ɋ& !1@& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2c0**@dA& ]Ɋ& !dA& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e80b088-e55b-4601-8c97-f5d7e2df453d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c24804e-c147-4dc9-b374-04b93e22b326 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**=,) ]Ɋ& )!X=,) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**=,) ]Ɋ& A!X=,) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**=,) ]Ɋ& =!X=,) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**=,) ]Ɋ& 5!X=,) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**=,) ]Ɋ& 5!X=,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**=,) ]Ɋ& 7!X=,) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0=,) ]Ɋ& !=,) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@j-) ]Ɋ& !j-) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49945655-cf28-4003-9afe-d8fb443d3c46 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e150e075-07f0-4e00-a463-866d9dc5b02f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xj-) ]Ɋ& !Xj-) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pj-) ]Ɋ& !Xj-) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hj-) ]Ɋ& !Xj-) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`j-) ]Ɋ& !Xj-) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`j-) ]Ɋ& !Xj-) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj-) ]Ɋ& !Xj-) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**j-) ]Ɋ&  !j-) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**j-) ]Ɋ& !j-) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=21f1958b-5e87-4f33-97c6-b76496a52305 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15122e06-444f-4397-a7db-7a0742c5f58a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8.) ]Ɋ& !X.) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**P.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**P.) ]Ɋ& !X.) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**H.) ]Ɋ& !X.) F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H.) ]Ɋ& !X.) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}H**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd4b30e5-cdbe-4c37-b587-0e439bca51ca HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2de78812-122b-4fe3-aa62-524600fb67f7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X.) ]Ɋ& !X.) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.) ]Ɋ& !X.) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X.) F&  X<& F&  ji$T F&ndPath= CommandLine=ElfChnk(x@ReMu=VysMc&&**p.) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X.) F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`.) ]Ɋ& !X.) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`.) ]Ɋ& !X.) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`.) ]Ɋ& !X.) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**.) ]Ɋ& !.) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**.) ]Ɋ& !.) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d4a8c63-73b0-42fe-a096-9649fd6aaa39 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a4043-2065-4b53-b2e2-871aad12950c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(//) ]Ɋ& !X//) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@//) ]Ɋ& !X//) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?@**@//) ]Ɋ& !X//) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8//) ]Ɋ& !X//) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8//) ]Ɋ& !X//) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8//) ]Ɋ& !X//) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**//) ]Ɋ& !//) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **-/) ]Ɋ& !-/) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd36087d-a6fa-4ff7-a19e-26cb9e1ac502 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=622df4b4-3e3b-4f11-9e87-b2ca52e7e905 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?**XZ0) ]Ɋ& !XZ0) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pZ0) ]Ɋ& !XZ0) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pZ0) ]Ɋ& !XZ0) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hZ0) ]Ɋ& !XZ0) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hZ0) ]Ɋ& !XZ0) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hZ0) ]Ɋ& !XZ0) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**Z0) ]Ɋ&  !Z0) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**1) ]Ɋ& !1) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08d29eb5-7b9a-43d6-a5d6-78f49803f164 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c98a33c5-7789-4d1d-8fe1-7b3b73d87b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |***2) ]Ɋ& '!X*2) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e***2) ]Ɋ& ?!X*2) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h***2) ]Ɋ& ;!X*2) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43d***2) ]Ɋ& 3!X*2) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&***2) ]Ɋ& 3!X*2) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d3c***2) ]Ɋ& 5!X*2) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0*2) ]Ɋ& !*2) F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@2) ]Ɋ& !2) F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2af3a1bb-46ce-4a7b-a145-c1be14b584fb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d98db44-646f-481f-8eba-f1c4f6f8ad56 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**) ]Ɋ& 7!X) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@J) ]Ɋ& !J) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8909fe-316c-4557-bd61-1db6d631ff23 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92fc6a19-dca8-4b25-8c12-b32491ace4b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X@) ]Ɋ& !X@) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h@) ]Ɋ& !X@) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`@) ]Ɋ& !X@) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`@) ]Ɋ& !X@) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h@) ]Ɋ& !X@) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**@) ]Ɋ&  !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**@) ]Ɋ& !@) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8435dc50-183b-4dc2-9a1d-b2060d86a066 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11416ef0-9a65-4d31-b1b3-8c5cb8fb4dc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8@) ]Ɋ& !X@) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P@) ]Ɋ& !X@) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P@) ]Ɋ& !X@) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&ndPath= CommandLine=XElfChnk0-Z`Mu=VysMc&&**H@) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X@) F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H@) ]Ɋ& !X@) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H@) ]Ɋ& !X@) F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**@) ]Ɋ& !@) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dad9e6bd-eae0-4ddc-9b22-755462a16df0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be40ef10-ec12-409b-9137-7437bf5f907e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Xw) ]Ɋ& !Xw) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**pw) ]Ɋ& !Xw) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**hw) ]Ɋ& !Xw) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`w) ]Ɋ& !Xw) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`w) ]Ɋ& !Xw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`w) ]Ɋ& !Xw) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**w) ]Ɋ& !w) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**w) ]Ɋ& !w) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1081ca0b-127f-4c53-b670-4a020d1c7c59 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=837143ef-5d58-45d0-87f0-62a6a4a835e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **( r) ]Ɋ& !X r) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@ r) ]Ɋ& !X r) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@ r) ]Ɋ& !X r) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8 r) ]Ɋ& !X r) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8 r) ]Ɋ& !X r) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8 r) ]Ɋ& !X r) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** r) ]Ɋ& ! r) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe** ) ]Ɋ& ! ) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8402c5b1-5e8d-482d-89f1-4e96bdc1529a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8eb95eee-624f-4c00-a4fa-d3b8b0d4d6f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X;) ]Ɋ& !X;) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p;) ]Ɋ& !X;) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p;) ]Ɋ& !X;) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h;) ]Ɋ& !X;) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h;) ]Ɋ& !X;) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h;) ]Ɋ& !X;) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**;) ]Ɋ&  !;) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& !g) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2d8f78a-7ab6-45c4-88a1-1ff1190871d6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3c03a418-4e1b-49f2-af78-04174b7658ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**g) ]Ɋ& '!Xg) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**g) ]Ɋ& ?!Xg) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **g) ]Ɋ& ;!Xg) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g) ]Ɋ& 3!Xg) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou** g) ]Ɋ& 3!Xg)  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti** g) ]Ɋ& 5!Xg)  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0 g) ]Ɋ& !g)  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@ ) ]Ɋ& !)  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52b2a1d4-e0be-4927-87fc-b0c429fe5b6b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=46f90858-cfdd-44bf-a087-f108b3d3e1b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-dc@** oa, ]Ɋ& )!Xoa,  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**oa, ]Ɋ& A!Xoa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**oa, ]Ɋ& =!Xoa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1**oa, ]Ɋ& 5!Xoa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**oa, ]Ɋ& 5!Xoa, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**oa, ]Ɋ& 7!Xoa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0oa, ]Ɋ& !oa, F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@a, ]Ɋ& !a, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea16261b-44e1-43c3-919d-ae8282011ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=87c3cc94-8fb0-4329-9a1c-e58a036ecfed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xa, ]Ɋ& !Xa, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pa, ]Ɋ& !Xa, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**ha, ]Ɋ& !Xa, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`a, ]Ɋ& !Xa, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkHHފJC^Mu=VysMc&&**ha, ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xa, F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ha, ]Ɋ& !Xa, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a, ]Ɋ&  !a, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**9a, ]Ɋ& !9a, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71c49666-8bf3-42ba-be2c-d1e426f55e3e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7094964e-adac-49ee-b487-06acf746f833 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**89a, ]Ɋ& !X9a, F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P9a, ]Ɋ& !X9a, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P9a, ]Ɋ& !X9a, F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H 9a, ]Ɋ& !X9a,  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H!9a, ]Ɋ& !X9a,! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"9a, ]Ɋ& !X9a," F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**#9a, ]Ɋ& !9a,# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$9a, ]Ɋ& !9a,$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2931319-c0d4-40a2-b824-b23670b89010 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fae551a-8630-4810-a131-3d85183ef55d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%9a, ]Ɋ& !X9a,% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p&9a, ]Ɋ& !X9a,& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h'9a, ]Ɋ& !X9a,' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`(9a, ]Ɋ& !X9a,( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`)9a, ]Ɋ& !X9a,) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`*9a, ]Ɋ& !X9a,* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**+9a, ]Ɋ& !9a,+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,4a, ]Ɋ& !4a,, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8a4d601-011a-4686-9c35-aee0637c19b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7956214f-ad86-45b2-adee-ab186018b242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(-4a, ]Ɋ& !X4a,- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@.4a, ]Ɋ& !X4a,. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@/4a, ]Ɋ& !X4a,/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**804a, ]Ɋ& !X4a,0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**814a, ]Ɋ& !X4a,1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b6-8**824a, ]Ɋ& !X4a,2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**34a, ]Ɋ& !4a,3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**4ja, ]Ɋ& !ja,4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e857b70d-04ed-4393-842c-6b7993a88c29 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=62747d21-23d0-47bd-b20a-0862ed9e6ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X54a, ]Ɋ& !X4a,5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p64a, ]Ɋ& !X4a,6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p74a, ]Ɋ& !X4a,7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h84a, ]Ɋ& !X4a,8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h94a, ]Ɋ& !X4a,9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h:4a, ]Ɋ& !X4a,: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**;4a, ]Ɋ&  !4a,; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**<$a, ]Ɋ& !$a,< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5961b19d-7229-491d-9683-c28a4b6906c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f8fb7e4b-164a-4759-bcf5-3da837e12255 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**=$a, ]Ɋ& '!X$a,= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**>$a, ]Ɋ& ?!X$a,> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**?$a, ]Ɋ& ;!X$a,? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**@$a, ]Ɋ& 3!X$a,@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **A$a, ]Ɋ& 3!X$a,A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**B$a, ]Ɋ& 5!X$a,B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0Cea, ]Ɋ& !ea,C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@DQa, ]Ɋ& !Qa,D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3344a6a-69c7-4ef4-b65b-59eae9ff1051 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ef942dde-63ce-4588-8257-49ca97b14269 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**EX. ]Ɋ& )!XX.E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**FX. ]Ɋ& A!XX.F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**GX. ]Ɋ& =!XX.G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**HX. ]Ɋ& 5!XX.H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXX.I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkIyIypev.PMu=VysMc&&**IX. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XX.I F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **JX. ]Ɋ& 7!XX.J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0K. ]Ɋ& !.K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@L. ]Ɋ& !.L F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da0e3ca9-d5be-472a-b4a1-1cd96e0b87ac HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6446a15d-8bdf-4a53-a421-55f70db99ac7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XM. ]Ɋ& !X.M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pN. ]Ɋ& !X.N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hO. ]Ɋ& !X.O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`P. ]Ɋ& !X.P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`Q. ]Ɋ& !X.Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hR. ]Ɋ& !X.R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**S. ]Ɋ&  !.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **T. ]Ɋ& !.T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e00621b2-b77d-490b-8bba-71bdc668c806 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9a389d9a-01ea-4fb7-ba9a-d9c5dd01322b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8UvF. ]Ɋ& !XvF.U F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PVvF. ]Ɋ& !XvF.V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PWvF. ]Ɋ& !XvF.W F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HXvF. ]Ɋ& !XvF.X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HYvF. ]Ɋ& !XvF.Y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HZvF. ]Ɋ& !XvF.Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**[vF. ]Ɋ& !vF.[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**\vF. ]Ɋ& !vF.\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8235ac3a-c41a-4d51-8fa5-7c277c9c454e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3ccd35a-bf00-4485-aaf4-cc58eab1d1ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X]vF. ]Ɋ& !XvF.] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p^vF. ]Ɋ& !XvF.^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h_vF. ]Ɋ& !XvF._ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**``vF. ]Ɋ& !XvF.` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`avF. ]Ɋ& !XvF.a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`bvF. ]Ɋ& !XvF.b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**cvF. ]Ɋ& !vF.c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**d . ]Ɋ& ! .d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abd55127-c0eb-40d6-8912-f4af98fbb3ab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39ae1a80-8d97-47a6-aa86-a364eac32ad4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(e . ]Ɋ& !X .e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@f . ]Ɋ& !X .f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@g . ]Ɋ& !X .g F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**8h . ]Ɋ& !X .h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8i . ]Ɋ& !X .i F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8j . ]Ɋ& !X .j F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**k . ]Ɋ& ! .k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**lw. ]Ɋ& !w.l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c111c4e-231e-40f6-b939-e05d9bea2238 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4f53cd26-8b5a-400d-9459-976658eaeb10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XmW<. ]Ɋ& !XW<.m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnW<. ]Ɋ& !XW<.n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**poW<. ]Ɋ& !XW<.o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hpW<. ]Ɋ& !XW<.p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hqW<. ]Ɋ& !XW<.q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae9h**hrW<. ]Ɋ& !XW<.r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**sW<. ]Ɋ&  !W<.s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**t. ]Ɋ& !.t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4f0b996-bc2c-4172-b0b4-d454593b59cf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f2dc992-1e3a-4c59-8ed4-29216fe31cf2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**u. ]Ɋ& '!X.u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**v. ]Ɋ& ?!X.v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**w. ]Ɋ& ;!X.w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **x. ]Ɋ& 3!X.x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**y. ]Ɋ& 3!X.y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkzzp(6NMu=VysMc&&** z. ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X.z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=472 **0{. ]Ɋ& !.{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@|. ]Ɋ& !.| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d17e0cff-89e1-4941-be21-adcfcfb3dfd8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f96246a3-854e-4e53-b0df-27e6347c9123 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**}׉b1 ]Ɋ& )!X׉b1} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**~׉b1 ]Ɋ& A!X׉b1~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **׉b1 ]Ɋ& =!X׉b1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**׉b1 ]Ɋ& 5!X׉b1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**׉b1 ]Ɋ& 5!X׉b1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **׉b1 ]Ɋ& 7!X׉b1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0׉b1 ]Ɋ& !׉b1 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@c1 ]Ɋ& !c1 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ffbe713-a0b8-4a7a-90d0-895835e7612a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e46cb7cc-0129-4d77-9719-92dbb9446fcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xc1 ]Ɋ& !Xc1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pc1 ]Ɋ& !Xc1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hc1 ]Ɋ& !Xc1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`c1 ]Ɋ& !Xc1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`c1 ]Ɋ& !Xc1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc1 ]Ɋ& !Xc1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**c1 ]Ɋ&  !c1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d1be7c0-6207-4dda-9a0a-679cf827ab98 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09a82986-c930-4e83-9322-4a5b9ddfaafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8Sd1 ]Ɋ& !XSd1 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PSd1 ]Ɋ& !XSd1 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HSd1 ]Ɋ& !XSd1 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HSd1 ]Ɋ& !XSd1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**HSd1 ]Ɋ& !XSd1 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**Sd1 ]Ɋ& !Sd1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4449f153-4987-4732-a3c5-dbcde0f5f2d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37b12daa-9340-4c1c-8452-9c5485dbd07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XSd1 ]Ɋ& !XSd1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pSd1 ]Ɋ& !XSd1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hSd1 ]Ɋ& !XSd1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`Sd1 ]Ɋ& !XSd1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`Sd1 ]Ɋ& !XSd1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`Sd1 ]Ɋ& !XSd1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Sd1 ]Ɋ& !Sd1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**1d1 ]Ɋ& !1d1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f80287ff-cdc4-4672-9aae-2082c1a2344e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fcb4b3-48e1-43b5-93a5-dc01b1c0f2dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(1d1 ]Ɋ& !X1d1 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@1d1 ]Ɋ& !X1d1 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@1d1 ]Ɋ& !X1d1 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**81d1 ]Ɋ& !X1d1 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**81d1 ]Ɋ& !X1d1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**81d1 ]Ɋ& !X1d1 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**1d1 ]Ɋ& !1d1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**DŽe1 ]Ɋ& !DŽe1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=882d6c46-8d84-4b56-ae16-77b82281871d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=71b7db1f-e710-4390-87c0-298ac5a7e1d9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**Xf1 ]Ɋ& !Xf1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pf1 ]Ɋ& !Xf1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pf1 ]Ɋ& !Xf1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hf1 ]Ɋ& !Xf1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hf1 ]Ɋ& !Xf1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hf1 ]Ɋ& !Xf1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**f1 ]Ɋ&  !f1 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu!g1 F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X.z F&I F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkxyMu=VysMc&&** !g1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!g1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bcab560-2da3-47c8-9753-a0ea5c188890 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0b87ddc-5362-4887-878e-f19750f3e59e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **!g1 ]Ɋ& '!X!g1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ?!X!g1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& ;!X!g1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**!g1 ]Ɋ& 3!X!g1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!g1 ]Ɋ& 3!X!g1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**!g1 ]Ɋ& 5!X!g1 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0!g1 ]Ɋ& !!g1 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@Ni1 ]Ɋ& !Ni1 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=037be9cb-09d5-41a3-b782-aea1b501f712 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5441b58b-74ba-4727-af6d-42c094eb5007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Kxs3 ]Ɋ& )!XKxs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**Kxs3 ]Ɋ& A!XKxs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**Kxs3 ]Ɋ& =!XKxs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**Kxs3 ]Ɋ& 5!XKxs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Kxs3 ]Ɋ& 5!XKxs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**Kxs3 ]Ɋ& 7!XKxs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kxs3 ]Ɋ& !Kxs3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@3|ys3 ]Ɋ& !3|ys3 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=522c6eb0-03ff-49fc-a367-9e77f86503df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa41649a-d20b-4d03-8f16-e28c72254d4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X{s3 ]Ɋ& !X{s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p{s3 ]Ɋ& !X{s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h{s3 ]Ɋ& !X{s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`{s3 ]Ɋ& !X{s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`{s3 ]Ɋ& !X{s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h{s3 ]Ɋ& !X{s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**{s3 ]Ɋ&  !{s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **{s3 ]Ɋ& !{s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b05d91-84d3-47d2-8f01-50ed2b3e0cb4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0e8fe0a8-26ed-4ff3-b861-6e0b1fe51ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8$w|s3 ]Ɋ& !X$w|s3 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P$w|s3 ]Ɋ& !X$w|s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P$w|s3 ]Ɋ& !X$w|s3 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H$w|s3 ]Ɋ& !X$w|s3 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H$w|s3 ]Ɋ& !X$w|s3 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H$w|s3 ]Ɋ& !X$w|s3 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1H**$w|s3 ]Ɋ& !$w|s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**$w|s3 ]Ɋ& !$w|s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fca4104c-f108-4151-8343-b212b72d44f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d27aad48-79fb-4eaa-8f9a-8b0c2d61c353 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}s3 ]Ɋ& !X}s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p}s3 ]Ɋ& !X}s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h}s3 ]Ɋ& !X}s3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`}s3 ]Ɋ& !X}s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`}s3 ]Ɋ& !X}s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`}s3 ]Ɋ& !X}s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}s3 ]Ɋ& !}s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q}s3 ]Ɋ& !Q}s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac9e873a-4316-45ce-849f-85a97fc46d6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31d68ac7-eca1-4143-92b7-0728e27329dd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9 **(@~s3 ]Ɋ& !X@~s3 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@@~s3 ]Ɋ& !X@~s3 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@@~s3 ]Ɋ& !X@~s3 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8@~s3 ]Ɋ& !X@~s3 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8@~s3 ]Ɋ& !X@~s3 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8@~s3 ]Ɋ& !X@~s3 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**@~s3 ]Ɋ& !@~s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**~~s3 ]Ɋ& !~~s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c12059a6-53fd-42f8-a433-ce585f7dc825 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a0108d3f-732f-46eb-8634-95a342295c54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X2s3 ]Ɋ& !X2s3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p2s3 ]Ɋ& !X2s3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnk8e/7Mu=VysMc&&**p 2s3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X2s3 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h2s3 ]Ɋ& !X2s3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2s3 ]Ɋ& !X2s3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**2s3 ]Ɋ&  !2s3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b5**6s3 ]Ɋ& !6s3 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d7ba7c6-f7a5-45fb-bc22-4c09e0752fa1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1d3f1477-2329-41ab-b57a-d0fe67e0555c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**_τs3 ]Ɋ& '!X_τs3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**_τs3 ]Ɋ& ?!X_τs3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**_τs3 ]Ɋ& ;!X_τs3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**_τs3 ]Ɋ& 3!X_τs3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_τs3 ]Ɋ& 3!X_τs3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **_τs3 ]Ɋ& 5!X_τs3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0_τs3 ]Ɋ& !_τs3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@s3 ]Ɋ& !s3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cc9a216-def3-4d28-b28a-f2779ab9c54c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9cd3fa3e-ec8f-4a3e-a9c6-e9ef028f7ce9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**S a5 ]Ɋ& )!XS a5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**S a5 ]Ɋ& A!XS a5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **S a5 ]Ɋ& =!XS a5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**S a5 ]Ɋ& 5!XS a5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**S a5 ]Ɋ& 5!XS a5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **S a5 ]Ɋ& 7!XS a5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0S a5 ]Ɋ& !S a5 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@=b5 ]Ɋ& !=b5 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb0aecd5-1c96-4514-bd63-f23fad38f2e2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b3db63f-84db-4a81-8ccb-7b7d16323432 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**Xb5 ]Ɋ& !Xb5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hb5 ]Ɋ& !Xb5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`b5 ]Ɋ& !Xb5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`b5 ]Ɋ& !Xb5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hb5 ]Ɋ& !Xb5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**b5 ]Ɋ&  !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=104c**b5 ]Ɋ& !b5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d5e1e33-9336-40d5-8535-b5219f1ae34f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4b1661-cc6e-42e2-b55b-43e2eba1ddba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=34**8b5 ]Ɋ& !Xb5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**Pb5 ]Ɋ& !Xb5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**Pb5 ]Ɋ& !Xb5 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**Hb5 ]Ɋ& !Xb5 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**Hb5 ]Ɋ& !Xb5 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Hb5 ]Ɋ& !Xb5 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**b5 ]Ɋ& !b5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**nc5 ]Ɋ& !nc5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72f4706a-0447-4adc-ba1e-199521ad0339 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a599edff-094f-4c8d-9e8a-23b34e59165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xnc5 ]Ɋ& !Xnc5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pnc5 ]Ɋ& !Xnc5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hnc5 ]Ɋ& !Xnc5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`nc5 ]Ɋ& !Xnc5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**` nc5 ]Ɋ& !Xnc5  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**` nc5 ]Ɋ& !Xnc5  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`** nc5 ]Ɋ& !nc5  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N** nc5 ]Ɋ& !nc5  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc30d65e-4074-4805-b3ed-a961dbdc0d33 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4538785-d964-4618-af16-e7e17455109e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**( Cd5 ]Ɋ& !XCd5  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Cd5 ]Ɋ& !XCd5 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Cd5 ]Ɋ& !XCd5 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8Cd5 ]Ɋ& !XCd5 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXCd5 F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2s3 F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa, F&dLine=XElfChnkBBG@~Mu=VysMc&&**8 Cd5 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XCd5 F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8Cd5 ]Ɋ& !XCd5 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**Cd5 ]Ɋ& !Cd5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**ڟd5 ]Ɋ& !ڟd5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1d054c9-c2db-4aaf-a4b8-8ce5ea13aad9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=129c8a4c-fcd0-4bc3-afc6-8d75ff1bc126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**Xif5 ]Ɋ& !Xif5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pif5 ]Ɋ& !Xif5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7p**pif5 ]Ɋ& !Xif5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hif5 ]Ɋ& !Xif5 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hif5 ]Ɋ& !Xif5 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hif5 ]Ɋ& !Xif5 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**if5 ]Ɋ&  !if5 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**4g5 ]Ɋ& !4g5 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f258033e-4185-4e21-8d87-ce5be0b07074 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=71e3d6dd-4a18-4585-b2e2-1edc130d0007 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**h5 ]Ɋ& '!Xh5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**h5 ]Ɋ& ?!Xh5 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**h5 ]Ɋ& ;!Xh5 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** h5 ]Ɋ& 3!Xh5  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**!h5 ]Ɋ& 3!Xh5! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**"h5 ]Ɋ& 5!Xh5" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0#di5 ]Ɋ& !di5# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$$i5 ]Ɋ& !$i5$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc207a26-c8ab-433e-82b2-c1375dc92bfa HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=21099736-2024-457d-b7f6-c5023ab07bc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**%8 ]Ɋ& )!X8% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535-**&8 ]Ɋ& A!X8& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**'8 ]Ɋ& =!X8' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **(8 ]Ɋ& 5!X8( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)8 ]Ɋ& 5!X8) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b***8 ]Ɋ& 7!X8* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0+&8 ]Ɋ& !&8+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10**@,08 ]Ɋ& !08, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=845e3622-ae1e-47e6-8ae5-242ffada6e40 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3acd911-97fd-45bf-876e-3faade63c6d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X-Sɳ8 ]Ɋ& !XSɳ8- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p.Sɳ8 ]Ɋ& !XSɳ8. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h/Sɳ8 ]Ɋ& !XSɳ8/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`0Sɳ8 ]Ɋ& !XSɳ80 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`1Sɳ8 ]Ɋ& !XSɳ81 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h2Sɳ8 ]Ɋ& !XSɳ82 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**3Sɳ8 ]Ɋ&  !Sɳ83 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**4Sɳ8 ]Ɋ& !Sɳ84 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=435db33d-a377-4d0f-b29c-c524640d46d2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=106f63fa-49c5-4c43-8937-05ccee547748 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**85Sɳ8 ]Ɋ& !XSɳ85 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P6Sɳ8 ]Ɋ& !XSɳ86 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P7Sɳ8 ]Ɋ& !XSɳ87 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H8Sɳ8 ]Ɋ& !XSɳ88 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H9Sɳ8 ]Ɋ& !XSɳ89 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H:Sɳ8 ]Ɋ& !XSɳ8: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**;Sɳ8 ]Ɋ& !Sɳ8; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**<Sɳ8 ]Ɋ& !Sɳ8< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3116b1d4-6b56-4eb9-982f-55b37564886a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84e1bc7e-244f-42b3-ad36-180e83fc8dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X=a8 ]Ɋ& !Xa8= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p>a8 ]Ɋ& !Xa8> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h?a8 ]Ɋ& !Xa8? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`@a8 ]Ɋ& !Xa8@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Aa8 ]Ɋ& !Xa8A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`Ba8 ]Ɋ& !Xa8B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnkCsCs`;!ksgMu=VysMc&&**Ca8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !a8C F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Da8 ]Ɋ& !a8D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f9cf294-1a6f-4c54-87f6-cd51873b3f88 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=afa69d14-53f8-4292-81ab-ebb1b2637d2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(Ea8 ]Ɋ& !Xa8E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@Fa8 ]Ɋ& !Xa8F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@Ga8 ]Ɋ& !Xa8G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8Ha8 ]Ɋ& !Xa8H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8Ia8 ]Ɋ& !Xa8I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8Ja8 ]Ɋ& !Xa8J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**Ka8 ]Ɋ& !a8K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**L8 ]Ɋ& !8L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9245946d-e602-45cb-b223-707abdd4cf16 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b140884f-44be-45f0-ae67-4156885b0801 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**XM+8 ]Ɋ& !X+8M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN+8 ]Ɋ& !X+8N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**pO+8 ]Ɋ& !X+8O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**hP+8 ]Ɋ& !X+8P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**hQ+8 ]Ɋ& !X+8Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**hR+8 ]Ɋ& !X+8R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**S+8 ]Ɋ&  !+8S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TCĶ8 ]Ɋ& !CĶ8T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03d8ef3e-0a8d-422c-8104-7beb3fddbb4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df907272-f599-43ef-9103-21feb713f3e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**U\8 ]Ɋ& '!X\8U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**V\8 ]Ɋ& ?!X\8V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W\8 ]Ɋ& ;!X\8W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X\8 ]Ɋ& 3!X\8X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**Y\8 ]Ɋ& 3!X\8Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z\8 ]Ɋ& 5!X\8Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0[\8 ]Ɋ& !\8[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@\p8 ]Ɋ& !p8\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b28b91e-b29b-47f2-b090-6082581e48b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05876c6f-963b-4aae-8aba-254571cdc24e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**]Dvd: ]Ɋ& )!XDvd:] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**^Dvd: ]Ɋ& A!XDvd:^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-4d**_Dvd: ]Ɋ& =!XDvd:_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`Dvd: ]Ɋ& 5!XDvd:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**aDvd: ]Ɋ& 5!XDvd:a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bDvd: ]Ɋ& 7!XDvd:b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0cDvd: ]Ɋ& !Dvd:c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@dqd: ]Ɋ& !qd:d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c39e394-488d-4b77-b0ba-e80e0d02fae2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=51b7816b-1aa6-4f25-958a-5d8c56864c7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**Xeqd: ]Ɋ& !Xqd:e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pfqd: ]Ɋ& !Xqd:f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hgqd: ]Ɋ& !Xqd:g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`hqd: ]Ɋ& !Xqd:h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`iqd: ]Ɋ& !Xqd:i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hjqd: ]Ɋ& !Xqd:j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**kqd: ]Ɋ&  !qd:k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**l@d: ]Ɋ& !@d:l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cca60c59-7358-4f35-9cac-8e36668177e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=42937415-c2bd-4f5f-8aa5-dcf0e0cb744c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8m@d: ]Ɋ& !X@d:m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**Pn@d: ]Ɋ& !X@d:n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**Po@d: ]Ɋ& !X@d:o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**Hp@d: ]Ɋ& !X@d:p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**Hq@d: ]Ɋ& !X@d:q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**Hr@d: ]Ɋ& !X@d:r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**s@d: ]Ɋ& !@d:s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm@d:ElfChnkttH Q}I0Mu=VysMc&&**t@d: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !@d:t F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ace34af-bbba-4ef1-96e0-2d91e6e05d73 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebc077b8-94bf-40aa-bcf7-38a2ad46b5fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**Xud: ]Ɋ& !Xd:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pvd: ]Ɋ& !Xd:v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hwd: ]Ɋ& !Xd:w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`xd: ]Ɋ& !Xd:x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`yd: ]Ɋ& !Xd:y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zd: ]Ɋ& !Xd:z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**{d: ]Ɋ& !d:{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|d: ]Ɋ& !d:| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3b4963d5-b9ed-487e-808c-64b6b01db420 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9bd38a1-00b9-4cee-a754-ef5d35c20055 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}d: ]Ɋ& !Xd:} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@~d: ]Ɋ& !Xd:~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@d: ]Ɋ& !Xd: F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8d: ]Ɋ& !Xd: F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8d: ]Ɋ& !Xd: F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8d: ]Ɋ& !Xd: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**d: ]Ɋ& !d: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** d: ]Ɋ& ! d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06ade117-ff30-43dc-bf65-d2ec21d938d8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e85fce9d-32dc-4d4a-92e2-8badd9652e7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xbd: ]Ɋ& !Xbd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pbd: ]Ɋ& !Xbd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pbd: ]Ɋ& !Xbd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hbd: ]Ɋ& !Xbd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hbd: ]Ɋ& !Xbd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hbd: ]Ɋ& !Xbd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**bd: ]Ɋ&  !bd: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d: ]Ɋ& !d: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566a335c-57d3-41c2-8841-8ce5570023f7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c2497c-74ee-4f74-bdb1-4a30c9d921ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**d: ]Ɋ& '!Xd: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d: ]Ɋ& ?!Xd: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**d: ]Ɋ& ;!Xd: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**d: ]Ɋ& 3!Xd: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **d: ]Ɋ& 3!Xd: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**d: ]Ɋ& 5!Xd: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0d: ]Ɋ& !d: F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@%ld: ]Ɋ& !%ld: F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cd91e4a-3b18-4fc5-9f63-84539d2c56fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e625b503-5069-4461-a029-e365bc3a8f55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5d8@**=M< ]Ɋ& )!X=M< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**=M< ]Ɋ& A!X=M< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**=M< ]Ɋ& =!X=M< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e**=M< ]Ɋ& 5!X=M< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**=M< ]Ɋ& 5!X=M< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**=M< ]Ɋ& 7!X=M< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0< ]Ɋ& !< F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@j~< ]Ɋ& !j~< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=34c51cb0-f292-433a-ab88-f914196f5f1b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd3e8ca5-6010-4f7c-9923-561e215c074b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!@d: ]Ɋ& at< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@L;0Mu=VysMc&&**< ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8ef99da-aa25-4c68-8438-a5d6bad97751 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6b493c2-3339-43c4-964c-e2c890ec165a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8< ]Ɋ& !X< F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P< ]Ɋ& !X< F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H< ]Ɋ& !X< F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H< ]Ɋ& !X< F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H< ]Ɋ& !X< F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c095b66-a054-44fa-8a66-1107125f610b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08c67280-9c66-4414-8e95-6c50d0910e93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f6h**`< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**< ]Ɋ& !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14961fe3-2b01-4c05-9fc0-ddb699c6d2c3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27560597-559b-42dd-bf93-ae76e4e1eb92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(-H< ]Ɋ& !X-H< F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@-H< ]Ɋ& !X-H< F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@-H< ]Ɋ& !X-H< F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8-H< ]Ɋ& !X-H< F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8-H< ]Ɋ& !X-H< F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8-H< ]Ɋ& !X-H< F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**-H< ]Ɋ& !-H< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5873e111-ea10-4f3c-92e5-1503e1bda83e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30a8cc45-2536-4fcc-bb40-2c971f517126 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X< ]Ɋ& !X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p< ]Ɋ& !X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p< ]Ɋ& !X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h< ]Ɋ& !X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h< ]Ɋ& !X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h< ]Ɋ& !X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**< ]Ɋ&  !< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efe5dcdc-12d4-45f1-914c-c7f491933b92 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=df1355b2-757f-4875-9d68-c4985e7f90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**< ]Ɋ& '!X< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**< ]Ɋ& ?!X< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**< ]Ɋ& ;!X< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **< ]Ɋ& 3!X< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**< ]Ɋ& 3!X< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**< ]Ɋ& 5!X< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0< ]Ɋ& !< F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@ۙ< ]Ɋ& !ۙ< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e1303ad-efc4-4f16-88b5-4bdd8e214e60 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dd0d2e9-a42a-46f0-bcab-97f48d54adc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**τl> ]Ɋ& )!Xτl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**τl> ]Ɋ& A!Xτl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**τl> ]Ɋ& =!Xτl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**τl> ]Ɋ& 5!Xτl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**τl> ]Ɋ& 5!Xτl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**τl> ]Ɋ& 7!Xτl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0fl> ]Ɋ& !fl> F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@l> ]Ɋ& !l> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=82c4e701-73e4-4b45-8db7-811d258700a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=98c3843c-bee2-47f6-a447-fb7418258152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=890@165a Pipel ]Ɋ& meXNl> F&e=ElfChnkHQk88Mu=VysMc&&**XNl> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XNl> F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pNl> ]Ɋ& !XNl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hNl> ]Ɋ& !XNl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`Nl> ]Ɋ& !XNl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Nl> ]Ɋ& !XNl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hNl> ]Ɋ& !XNl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**Nl> ]Ɋ&  !Nl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=<**Nl> ]Ɋ& !Nl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01dc0ea7-c7ba-498c-b624-2af2d4a19363 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=68dfdec7-f98b-45fb-9e32-37bcc378ea51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8)l> ]Ɋ& !X)l> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P)l> ]Ɋ& !X)l> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H)l> ]Ɋ& !X)l> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)l> ]Ɋ& !X)l> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H)l> ]Ɋ& !X)l> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**)l> ]Ɋ& !)l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**)l> ]Ɋ& !)l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6350f72-69ed-47a5-90cc-b512eab3f661 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48a73f2d-57ee-4b48-8062-703e9ef0f7b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X)l> ]Ɋ& !X)l> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p)l> ]Ɋ& !X)l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h)l> ]Ɋ& !X)l> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`)l> ]Ɋ& !X)l> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`)l> ]Ɋ& !X)l> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`)l> ]Ɋ& !X)l> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=beef7c81-6a30-4426-999a-9785ba04226a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=35e2e640-c72c-4344-826b-793455fe576f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(l> ]Ɋ& !Xl> F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@l> ]Ɋ& !Xl> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@l> ]Ɋ& !Xl> F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8l> ]Ɋ& !Xl> F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8l> ]Ɋ& !Xl> F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef8**8l> ]Ɋ& !Xl> F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**l> ]Ɋ& !l> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**l> ]Ɋ& !l> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5fdb048-a6be-4b0b-9674-663b7df54ff6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=594051b4-b24b-4cef-b240-b3648211aa82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xzl> ]Ɋ& !Xzl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pzl> ]Ɋ& !Xzl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pzl> ]Ɋ& !Xzl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hzl> ]Ɋ& !Xzl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hzl> ]Ɋ& !Xzl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hzl> ]Ɋ& !Xzl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**zl> ]Ɋ&  !zl> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Gl> ]Ɋ& !Gl> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a84de6cc-398f-4f27-a458-79387f955f13 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27a498ba-6a32-4763-bdf6-bf24ca23b6f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **Gl> ]Ɋ& '!XGl> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Gl> ]Ɋ& ?!XGl> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Gl> ]Ɋ& ;!XGl> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**Gl> ]Ɋ& 3!XGl> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**Gl> ]Ɋ& 3!XGl> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**Gl> ]Ɋ& 5!XGl> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0Gl> ]Ɋ& !Gl> F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@tDl> ]Ɋ& !tDl> F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6fe9314d-a036-4d31-8315-49bac4558350 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk66hP<ŐU{[Mu=VysMc&&**v@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xv@ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**v@ ]Ɋ& A!Xv@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**v@ ]Ɋ& =!Xv@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**v@ ]Ɋ& 5!Xv@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** v@ ]Ɋ& 5!Xv@  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=01** v@ ]Ɋ& 7!Xv@  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0 v@ ]Ɋ& !v@  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@ @ ]Ɋ& !@  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2137e0ab-5345-48b4-b363-bee811922148 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9875153-c551-443f-8118-05fe45a9045f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X :@ ]Ɋ& !X:@  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p:@ ]Ɋ& !X:@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h:@ ]Ɋ& !X:@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`:@ ]Ɋ& !X:@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`:@ ]Ɋ& !X:@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:@ ]Ɋ& !X:@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**:@ ]Ɋ&  !:@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **6@ ]Ɋ& !6@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6aaf08-eb3b-4cde-8c69-1c3227548bf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=127ac5d9-ed2d-4ec6-8634-abefcbfe5158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8g@ ]Ɋ& !Xg@ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**Pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**Pg@ ]Ɋ& !Xg@ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**Hg@ ]Ɋ& !Xg@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Hg@ ]Ɋ& !Xg@ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hg@ ]Ɋ& !Xg@ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=>H**g@ ]Ɋ& !g@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**g@ ]Ɋ& !g@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ba52473-be32-471c-b894-a087e5982a67 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4a1834f-1c84-4a8e-b490-a71ebf60fb1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xg@ ]Ɋ& !Xg@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pg@ ]Ɋ& !Xg@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hg@ ]Ɋ& !Xg@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**` g@ ]Ɋ& !Xg@  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`!g@ ]Ɋ& !Xg@! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`"g@ ]Ɋ& !Xg@" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**#g@ ]Ɋ& !g@# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$g@ ]Ɋ& !g@$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7046f19-7117-4d1d-a1b0-d4281595600c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a57d34c-02bf-46be-b424-227bde0470ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%@ ]Ɋ& !X@% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@&@ ]Ɋ& !X@& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@'@ ]Ɋ& !X@' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8(@ ]Ɋ& !X@( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8)@ ]Ɋ& !X@) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8*@ ]Ɋ& !X@* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**+@ ]Ɋ& !@+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,*@ ]Ɋ& !*@, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3bcecc4e-c517-4170-9e42-244a595810d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85bd44a1-2cb6-4cd8-860d-4f0070bca7d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **X-@ ]Ɋ& !X@- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p.@ ]Ɋ& !X@. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**p/@ ]Ɋ& !X@/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8bap**h0@ ]Ɋ& !X@0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**h1@ ]Ɋ& !X@1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2@ ]Ɋ& !X@2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3@ ]Ɋ&  !@3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **4H@ ]Ɋ& !H@4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2dd707db-6933-4bd8-b479-735e211d273e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4400c81-8a4b-42ba-827a-5c5b84ad3158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**5H@ ]Ɋ& '!XH@5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**6H@ ]Ɋ& ?!XH@6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-31-8315-49ba ]Ɋ& reXH@7 F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e100a217-b779-4470-88cb-83a4015f0546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 @pelineId=  ]Ɋ& maXv@ F&165a Pipel ]Ɋ& meXNl> F&e=ElfChnk7i7i@ce^Mu=VysMc&&** 7H@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XH@7 F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8H@ ]Ɋ& 3!XH@8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**9H@ ]Ɋ& 3!XH@9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=811**:H@ ]Ɋ& 5!XH@: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;H@ ]Ɋ& !H@; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@<u@ ]Ɋ& !u@< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=425c2cc9-9daa-4c08-a2b8-684cb274725d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cbeee941-e26d-434d-af17-9390ddc646f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**=k3C ]Ɋ& )!Xk3C= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>k3C ]Ɋ& A!Xk3C> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**?k3C ]Ɋ& =!Xk3C? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**@k3C ]Ɋ& 5!Xk3C@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**Ak3C ]Ɋ& 5!Xk3CA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**Bk3C ]Ɋ& 7!Xk3CB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0Ck3C ]Ɋ& !k3CC F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@D@3C ]Ɋ& !@3CD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=317b5f47-9e7d-4e88-b62d-4d668fe2be1f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87c608e-9b5f-4429-b5db-740641067dbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XE@3C ]Ɋ& !X@3CE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pF@3C ]Ɋ& !X@3CF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG@3C ]Ɋ& !X@3CG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H@3C ]Ɋ& !X@3CH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`I@3C ]Ɋ& !X@3CI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJ@3C ]Ɋ& !X@3CJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**K@3C ]Ɋ&  !@3CK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**L43C ]Ɋ& !43CL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=348cc28c-ca2c-4f24-b3d3-4ee4da11795a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b416f7a6-e78e-42d1-a98c-e2ca6df9c792 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8M43C ]Ɋ& !X43CM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**PN43C ]Ɋ& !X43CN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**PO43C ]Ɋ& !X43CO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**HP43C ]Ɋ& !X43CP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**HQ43C ]Ɋ& !X43CQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**HR43C ]Ɋ& !X43CR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**S43C ]Ɋ& !43CS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T43C ]Ɋ& !43CT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65cf5aca-a9fe-4ea0-a231-0cdbfd52b202 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e36c20f-63a5-4ed8-867f-08f6e98b6304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XU43C ]Ɋ& !X43CU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pV43C ]Ɋ& !X43CV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hW43C ]Ɋ& !X43CW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`X43C ]Ɋ& !X43CX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=10`**`Y43C ]Ɋ& !X43CY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`Z43C ]Ɋ& !X43CZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[43C ]Ɋ& !43C[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**\m͖3C ]Ɋ& !m͖3C\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c665b78-9d28-4b05-8c77-0ebd183bc653 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e71c334a-94f8-40d7-ab72-052ca9968a55 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd8**(]m͖3C ]Ɋ& !Xm͖3C] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@^m͖3C ]Ɋ& !Xm͖3C^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@_m͖3C ]Ɋ& !Xm͖3C_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8`m͖3C ]Ɋ& !Xm͖3C` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8am͖3C ]Ɋ& !Xm͖3Ca F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8bm͖3C ]Ɋ& !Xm͖3Cb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**cm͖3C ]Ɋ& !m͖3Cc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**df3C ]Ɋ& !f3Cd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2ce9718-79a0-4b82-9586-1aa7fe534b8c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=52b6fd39-1eec-4ed4-addc-234a05b581a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**Xe13C ]Ɋ& !X13Ce F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf13C ]Ɋ& !X13Cf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pg13C ]Ɋ& !X13Cg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hh13C ]Ɋ& !X13Ch F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hi13C ]Ɋ& !X13Ci F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X13Cj F&]Ɋ& meXNl> F&e=ElfChnkjjH͝.-rMu=VysMc&&**p j13C ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X13Cj F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **k13C ]Ɋ&  !13Ck F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**l/3C ]Ɋ& !/3Cl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75eefb41-df1d-4248-b2bf-3c85c3bec573 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d62da72-327b-4adf-aa9a-a988aa3bb4ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**m^ș3C ]Ɋ& '!X^ș3Cm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**n^ș3C ]Ɋ& ?!X^ș3Cn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**o^ș3C ]Ɋ& ;!X^ș3Co F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**p^ș3C ]Ɋ& 3!X^ș3Cp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**q^ș3C ]Ɋ& 3!X^ș3Cq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **r^ș3C ]Ɋ& 5!X^ș3Cr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0s^ș3C ]Ɋ& !^ș3Cs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=660**@t`3C ]Ɋ& !`3Ct F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=467750c6-b7bb-4b8b-b7da-b56cbf1ef7db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e2a5d366-bcee-496b-a2c8-dd7b5f78ccc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**u~E ]Ɋ& )!X~Eu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**v~E ]Ɋ& A!X~Ev F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**w~E ]Ɋ& =!X~Ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**x~E ]Ɋ& 5!X~Ex F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**y~E ]Ɋ& 5!X~Ey F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**z~E ]Ɋ& 7!X~Ez F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0{~E ]Ɋ& !~E{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@|߱~E ]Ɋ& !߱~E| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f408a96-60f1-4140-b11a-cea298528411 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e36a5f91-01d7-4f47-8384-b45741adfc48 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C@**X}x~E ]Ɋ& !Xx~E} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~x~E ]Ɋ& !Xx~E~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx~E ]Ɋ& !Xx~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x~E ]Ɋ& !Xx~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`x~E ]Ɋ& !Xx~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hx~E ]Ɋ& !Xx~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**x~E ]Ɋ&  !x~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**x~E ]Ɋ& !x~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10b85c12-9e7d-4b4a-961e-aabbde118386 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa1b6e1-89fc-41c7-a7a6-99f0b5507628 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8~E ]Ɋ& !X~E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**P~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**P~E ]Ɋ& !X~E F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H~E ]Ɋ& !X~E F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H~E ]Ɋ& !X~E F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3CH**H~E ]Ɋ& !X~E F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb06c8f2-75c9-4b25-8810-d7032dff7c9b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c6afcde-3e8a-47e0-bff9-eb79be4091d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X~E ]Ɋ& !X~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**~E ]Ɋ& !~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efff1ad0-acf9-4edf-a450-edc4b9372014 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=733cafaf-9948-426e-9388-faef62ffedde PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(~E ]Ɋ& !X~E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@~E ]Ɋ& !X~E F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@~E ]Ɋ& !X~E F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8~E ]Ɋ& !X~E F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8~E ]Ɋ& !X~E F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8~E ]Ɋ& !X~E F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**~E ]Ɋ& !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GB~E ]Ɋ& !GB~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c80f21fb-7653-4595-acb9-f03e8c3ac37e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2b7825f6-8b10-4473-984e-8a4895db42ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X~E F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkHHMu=VysMc&&**` ~E ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X~E F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p~E ]Ɋ& !X~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p~E ]Ɋ& !X~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h~E ]Ɋ& !X~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h~E ]Ɋ& !X~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h~E ]Ɋ& !X~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**~E ]Ɋ&  !~E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8=~E ]Ɋ& !8=~E F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7eeb907c-7c9c-4db8-bc90-ca32bdc6d119 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44a130e3-1681-4905-be7e-ed46d76085ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**շ~E ]Ɋ& '!Xշ~E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**շ~E ]Ɋ& ?!Xշ~E F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**շ~E ]Ɋ& ;!Xշ~E F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-b**շ~E ]Ɋ& 3!Xշ~E F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**շ~E ]Ɋ& 3!Xշ~E F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b11**շ~E ]Ɋ& 5!Xշ~E F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0շ~E ]Ɋ& !շ~E F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@~E ]Ɋ& !~E F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b366b34-9b40-4c99-a3c0-d18305acc082 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32ab67f1-297b-4fa6-875e-07b0c4d0db13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**VG ]Ɋ& )!XVG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**VG ]Ɋ& A!XVG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **VG ]Ɋ& =!XVG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**VG ]Ɋ& 5!XVG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**VG ]Ɋ& 5!XVG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **VG ]Ɋ& 7!XVG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0VG ]Ɋ& !VG F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@LG ]Ɋ& !LG F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae867cdc-4a29-4abe-a541-d91a20d165fb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77bdc286-2e51-4638-a476-d08bef10dae6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XLG ]Ɋ& !XLG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pLG ]Ɋ& !XLG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hLG ]Ɋ& !XLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`LG ]Ɋ& !XLG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`LG ]Ɋ& !XLG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hLG ]Ɋ& !XLG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**G ]Ɋ&  !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5b45ae5-6783-4407-8915-cb19e7403f0d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=048340e7-f8a9-4df7-ad66-6def6a5c6dbe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8G ]Ɋ& !XG F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**PG ]Ɋ& !XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**PG ]Ɋ& !XG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**HG ]Ɋ& !XG F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**HG ]Ɋ& !XG F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**HG ]Ɋ& !XG F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**G ]Ɋ& !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e6b2a642-dfb4-466b-a698-4f699f78d761 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c19feb-0a63-4394-bebf-98d1ccc5e895 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X}G ]Ɋ& !X}G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p}G ]Ɋ& !X}G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h}G ]Ɋ& !X}G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`}G ]Ɋ& !X}G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`}G ]Ɋ& !X}G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`}G ]Ɋ& !X}G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**}G ]Ɋ& !}G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**}G ]Ɋ& !}G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee69bef8-9eb4-4c95-9554-67fcafcd8dc3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7bafb0e2-2cd2-4826-b25e-8ec2fcdd2b93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}G ]Ɋ& !X}G F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@}G ]Ɋ& !X}G F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnkPtEbu"Mu=VysMc&&**@ }G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X}G F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8}G ]Ɋ& !X}G F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8}G ]Ɋ& !X}G F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8}G ]Ɋ& !X}G F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**GG ]Ɋ& !GG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**ݮG ]Ɋ& !ݮG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23adb069-7372-4eaf-8876-1d6aefe0f0c6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a9ac1a96-562f-4940-8072-c3b8141fdc24 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X G ]Ɋ& !X G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p G ]Ɋ& !X G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p G ]Ɋ& !X G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h G ]Ɋ& !X G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h G ]Ɋ& !X G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h G ]Ɋ& !X G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth** G ]Ɋ&  ! G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**xG ]Ɋ& !xG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=569f336d-835b-40fd-821b-b498c20d9f6a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b4f9cbb-ec8f-4740-9473-57bd8e774dc3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**xG ]Ɋ& '!XxG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**xG ]Ɋ& ?!XxG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**xG ]Ɋ& ;!XxG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4a**xG ]Ɋ& 3!XxG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****xG ]Ɋ& 3!XxG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=abe**xG ]Ɋ& 5!XxG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0xG ]Ɋ& !xG F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@ΩG ]Ɋ& !ΩG F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d3359bb-c005-4943-aa05-32825bea3af2 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=02ac4d71-44cc-4dc0-bf3d-9993ca56e961 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**w=J ]Ɋ& )!Xw=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**w=J ]Ɋ& A!Xw=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**w=J ]Ɋ& =!Xw=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**w=J ]Ɋ& 5!Xw=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**w=J ]Ɋ& 5!Xw=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3f**w=J ]Ɋ& 7!Xw=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0O=J ]Ɋ& !O=J F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@樢=J ]Ɋ& !樢=J F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9d92974-489a-43da-8d6d-256abd734e89 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b16024fd-5b39-4d47-8f4d-96071f91b670 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X|A=J ]Ɋ& !X|A=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h|A=J ]Ɋ& !X|A=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`|A=J ]Ɋ& !X|A=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`|A=J ]Ɋ& !X|A=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h|A=J ]Ɋ& !X|A=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**|A=J ]Ɋ&  !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**|A=J ]Ɋ& !|A=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10d9a07f-c3a5-4cae-a0c3-63bcf46e7d69 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a83d34-00a3-4865-954f-834a477e05f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8|A=J ]Ɋ& !X|A=J F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P|A=J ]Ɋ& !X|A=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P|A=J ]Ɋ& !X|A=J F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H|A=J ]Ɋ& !X|A=J F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H|A=J ]Ɋ& !X|A=J F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H|A=J ]Ɋ& !X|A=J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**|A=J ]Ɋ& !|A=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30a4aa2c-d21d-4a35-9ba6-14081ae2c262 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a472f60a-ce3a-405d-860b-baa4730e842e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**Xڣ=J ]Ɋ& !Xڣ=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pڣ=J ]Ɋ& !Xڣ=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hڣ=J ]Ɋ& !Xڣ=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  Xڣ=J F&CommandPath= CommandLine= @riptName=  ]Ɋ& X}G F&X13Cj F&]Ɋ& meXNl> F&e=ElfChnk00XV]0bjMu=VysMc&&**hڣ=J ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xڣ=J F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ڣ=J ]Ɋ& !Xڣ=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`ڣ=J ]Ɋ& !Xڣ=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**ڣ=J ]Ɋ& !ڣ=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ڣ=J ]Ɋ& !ڣ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b662c7c-c034-45ed-8e31-27b169c2b7ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fd8f18d-6067-4892-aa43-0a77323ff812 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(r=J ]Ɋ& !Xr=J F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@r=J ]Ɋ& !Xr=J F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@r=J ]Ɋ& !Xr=J F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8r=J ]Ɋ& !Xr=J F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8 r=J ]Ɋ& !Xr=J  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8 r=J ]Ɋ& !Xr=J  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8** r=J ]Ɋ& !r=J  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0** @ =J ]Ɋ& !@ =J  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb6b12bb-6451-4a13-86f2-c954264ab30c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a7ecf95f-ff98-44e2-b495-0d2903a80c5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X m<=J ]Ɋ& !Xm<=J  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pm<=J ]Ɋ& !Xm<=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pm<=J ]Ɋ& !Xm<=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hm<=J ]Ɋ& !Xm<=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**hm<=J ]Ɋ& !Xm<=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hm<=J ]Ɋ& !Xm<=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5dh**m<=J ]Ɋ&  !m<=J F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **զ=J ]Ɋ& !զ=J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25e6a9df-a73f-446f-96d6-4997a84d2db2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03c9ca52-c024-4b23-b808-d2abc4ac80da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**m=J ]Ɋ& '!Xm=J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**m=J ]Ɋ& ?!Xm=J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**m=J ]Ɋ& ;!Xm=J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**m=J ]Ɋ& 3!Xm=J F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**m=J ]Ɋ& 3!Xm=J F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**m=J ]Ɋ& 5!Xm=J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0m=J ]Ɋ& !m=J F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b0**@0=J ]Ɋ& !0=J F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c124b52c-5374-49fd-8af3-479ea8f52d3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836efcc1-fe89-4a4b-97ad-cb9576d64057 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**YrL ]Ɋ& )!XYrL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& A!XYrL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**YrL ]Ɋ& =!XYrL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** YrL ]Ɋ& 5!XYrL  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**!YrL ]Ɋ& 5!XYrL! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**"YrL ]Ɋ& 7!XYrL" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0#YrL ]Ɋ& !YrL# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@$rL ]Ɋ& !rL$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e9d2e58-9f79-423e-b84a-fe4d252ec9a2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22f395e3-79af-45bc-a313-67beb44bfe12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10@**X%I#tL ]Ɋ& !XI#tL% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p&I#tL ]Ɋ& !XI#tL& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h'I#tL ]Ɋ& !XI#tL' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`(I#tL ]Ɋ& !XI#tL( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**`)I#tL ]Ɋ& !XI#tL) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**h*I#tL ]Ɋ& !XI#tL* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ae2ch**+I#tL ]Ɋ&  !I#tL+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**,I#tL ]Ɋ& !I#tL, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70dd2f3f-078f-420a-931d-a37bc9be17c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6798c8c-26f5-4371-b9ac-ec8fcd28c73d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8-߻tL ]Ɋ& !X߻tL- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P.߻tL ]Ɋ& !X߻tL. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**P/߻tL ]Ɋ& !X߻tL/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c2b7P**H0߻tL ]Ɋ& !X߻tL0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& l>X߻tL1 ElfChnk1a1aH+]Mu=VysMc&&**H1߻tL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X߻tL1 F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**H2߻tL ]Ɋ& !X߻tL2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**3߻tL ]Ɋ& !߻tL3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**4߻tL ]Ɋ& !߻tL4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7f49f529-71f4-4fa1-bee9-a6bba908dd15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=005b51a4-ff77-47a7-acb8-672acf41c07e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X5vTuL ]Ɋ& !XvTuL5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p6vTuL ]Ɋ& !XvTuL6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h7vTuL ]Ɋ& !XvTuL7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`8vTuL ]Ɋ& !XvTuL8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`9vTuL ]Ɋ& !XvTuL9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`:vTuL ]Ɋ& !XvTuL: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;vTuL ]Ɋ& !vTuL; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<vTuL ]Ɋ& !vTuL< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9897f0b3-abfa-4fe8-a4ef-cf5e10ce5dbe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f83a1a9-9bcf-4b70-937d-1087fb363420 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(=vTuL ]Ɋ& !XvTuL= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@>vTuL ]Ɋ& !XvTuL> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@?vTuL ]Ɋ& !XvTuL? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8@vTuL ]Ɋ& !XvTuL@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8AvTuL ]Ɋ& !XvTuLA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8BvTuL ]Ɋ& !XvTuLB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**CvTuL ]Ɋ& !vTuLC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **DvL ]Ɋ& !vLD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e667c279-3624-49fd-8ec3-0bbbe0f67236 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=475a1ecb-f62f-430b-9cc5-d8607193d0e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XEжwL ]Ɋ& !XжwLE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFжwL ]Ɋ& !XжwLF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pGжwL ]Ɋ& !XжwLG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hHжwL ]Ɋ& !XжwLH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hIжwL ]Ɋ& !XжwLI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hJжwL ]Ɋ& !XжwLJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**KжwL ]Ɋ&  !жwLK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LfOxL ]Ɋ& !fOxLL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b47ecb-5a40-4519-9882-3ea2bcad8bc0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7117981f-d115-4e20-a5ed-ad0f35c92d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**MfOxL ]Ɋ& '!XfOxLM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **NfOxL ]Ɋ& ?!XfOxLN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**OfOxL ]Ɋ& ;!XfOxLO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**PfOxL ]Ɋ& 3!XfOxLP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **QfOxL ]Ɋ& 3!XfOxLQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**RfOxL ]Ɋ& 5!XfOxLR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0SfOxL ]Ɋ& !fOxLS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@TyL ]Ɋ& !yLT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=566fc2a0-da9d-4fa6-b9a3-cc9f19dde70e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0aebe366-13d9-479d-a448-cf01276fabaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-67b@**UwN ]Ɋ& )!XwNU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**VwN ]Ɋ& A!XwNV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**WwN ]Ɋ& =!XwNW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a3**XwN ]Ɋ& 5!XwNX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**YwN ]Ɋ& 5!XwNY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**ZwN ]Ɋ& 7!XwNZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I**0[wN ]Ɋ& !wN[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\,N ]Ɋ& !,N\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81353c1-9952-4cb3-956e-e53ea41000a0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5d121bd-9687-4ce0-a16e-a7c509d9db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X],N ]Ɋ& !X,N] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p^,N ]Ɋ& !X,N^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h_,N ]Ɋ& !X,N_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**``,N ]Ɋ& !X,N` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`a,N ]Ɋ& !X,Na F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& X,Nb F& ElfChnkbbUKCMu=VysMc&&**hb,N ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!X,Nb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**c,N ]Ɋ&  !,Nc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=߸**dAN ]Ɋ& !ANd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed49d7fd-7270-42ff-9251-4359953adf04 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66138bef-09b1-4ca2-aba6-9db66cb8b1f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8eAN ]Ɋ& !XANe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PfAN ]Ɋ& !XANf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PgAN ]Ɋ& !XANg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HhAN ]Ɋ& !XANh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HiAN ]Ɋ& !XANi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HjAN ]Ɋ& !XANj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**kAN ]Ɋ& !ANk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;**lAN ]Ɋ& !ANl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40a82639-5b8c-4bb0-ba5b-9c1b32a84b77 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77673425-35d9-499f-8e8a-a7b16b8da475 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XmAN ]Ɋ& !XANm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pnAN ]Ɋ& !XANn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hoAN ]Ɋ& !XANo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`pAN ]Ɋ& !XANp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`qAN ]Ɋ& !XANq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`rAN ]Ɋ& !XANr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**sYڏN ]Ɋ& !YڏNs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tYڏN ]Ɋ& !YڏNt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1240882d-d568-4e33-bfce-36208ebba4fe HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=426dc57a-748a-4d24-ad53-827fd07dfada PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(uYڏN ]Ɋ& !XYڏNu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@vYڏN ]Ɋ& !XYڏNv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@wYڏN ]Ɋ& !XYڏNw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8xYڏN ]Ɋ& !XYڏNx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8yYڏN ]Ɋ& !XYڏNy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8zYڏN ]Ɋ& !XYڏNz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**{YڏN ]Ɋ& !YڏN{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**|rN ]Ɋ& !rN| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0cca9d0-37ff-49bf-8099-d998a0c8d715 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=abaca036-4d26-4845-8edf-47014a7578f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X}9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@4XQ ]Ɋ& !4XQ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a215088b-9638-434d-8395-8f12baf83eef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X4XQ ]Ɋ& !X4XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p4XQ ]Ɋ& !X4XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h4XQ ]Ɋ& !X4XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`4XQ ]Ɋ& !X4XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`4XQ ]Ɋ& !X4XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h4XQ ]Ɋ& !X4XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**4XQ ]Ɋ&  !4XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**7A5XQ ]Ɋ& !7A5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7501d5f-8cba-4141-947c-d1171995c815 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=74c6623a-745f-4e4c-b8b9-8415cd2d86f0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**87A5XQ ]Ɋ& !X7A5XQ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P7A5XQ ]Ɋ& !X7A5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P7A5XQ ]Ɋ& !X7A5XQ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H7A5XQ ]Ɋ& !X7A5XQ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H7A5XQ ]Ɋ& !X7A5XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H7A5XQ ]Ɋ& !X7A5XQ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**7A5XQ ]Ɋ& !7A5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b10e6f0-562f-439c-b0d9-eccfbb45ff0c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43c51f67-808b-47b0-976f-32b075e06634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5XQ ]Ɋ& !X5XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==426X**p5XQ ]Ɋ& !X5XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h5XQ ]Ɋ& !X5XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`5XQ ]Ɋ& !X5XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`5XQ ]Ɋ& !X5XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`5XQ ]Ɋ& !X5XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**5XQ ]Ɋ& !5XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**5XQ ]Ɋ& !5XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=45a10193-2990-44f5-87ae-f2feae9b55de HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae39f000-fbd6-40c4-bad8-009733c715ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(dr6XQ ]Ɋ& !Xdr6XQ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@dr6XQ ]Ɋ& !Xdr6XQ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@dr6XQ ]Ɋ& !Xdr6XQ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8dr6XQ ]Ɋ& !Xdr6XQ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8dr6XQ ]Ɋ& !Xdr6XQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8dr6XQ ]Ɋ& !Xdr6XQ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**dr6XQ ]Ɋ& !dr6XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru** 7XQ ]Ɋ& ! 7XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdca6d62-189d-4c41-9b53-5181414ab24a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=64b67c2c-64da-43ad-b485-a14d19e2d9cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**X(<8XQ ]Ɋ& !X(<8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**p(<8XQ ]Ɋ& !X(<8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**p(<8XQ ]Ɋ& !X(<8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**h(<8XQ ]Ɋ& !X(<8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**h(<8XQ ]Ɋ& !X(<8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**h(<8XQ ]Ɋ& !X(<8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**(<8XQ ]Ɋ&  !(<8XQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& !8XQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=175d2164-4573-499a-9aeb-1cf57d30d12c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa8314c8-51f5-460f-8ed0-22fa7795adb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**8XQ ]Ɋ& '!X8XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**8XQ ]Ɋ& ?!X8XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& ;!X8XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 3!X8XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**8XQ ]Ɋ& 3!X8XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8XQ ]Ɋ& 5!X8XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 358XQ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHDV*";Mu=VysMc&&**8 8XQ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8XQ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-58 **@:XQ ]Ɋ& !:XQ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b71ee61-b441-42d2-8469-5fc1f366ddf1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bc1672d-e9c5-4883-8854-4f1647ba96ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**qdS ]Ɋ& )!XqdS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**qdS ]Ɋ& A!XqdS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **qdS ]Ɋ& =!XqdS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **qdS ]Ɋ& 5!XqdS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**qdS ]Ɋ& 5!XqdS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**qdS ]Ɋ& 7!XqdS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0qdS ]Ɋ& !qdS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S ]Ɋ& !S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d8cbad2-a05f-4b30-95c0-60033a588214 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=336ba9a6-4717-4c52-b51e-5eb2bfa6e026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5XQh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03e351ba-9505-4547-973a-79c4d48a23d4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f708a08d-1b07-4124-a9a2-bcac529988ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**84.S ]Ɋ& !X4.S F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P4.S ]Ɋ& !X4.S F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H4.S ]Ɋ& !X4.S F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4.S ]Ɋ& !X4.S F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4.S ]Ɋ& !4.S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb27bae6-23cb-4567-ad6e-aacd92fc428d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a812e812-9c3b-461c-8c3e-73e073cc2604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X4.S ]Ɋ& !X4.S F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p4.S ]Ɋ& !X4.S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h4.S ]Ɋ& !X4.S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`4.S ]Ɋ& !X4.S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6d`**`4.S ]Ɋ& !X4.S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`4.S ]Ɋ& !X4.S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**4.S ]Ɋ& !4.S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abb63a8e-b8a0-4a0a-96dd-7233d034179c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=051fe4b6-9932-40fa-bad7-c14fef5b1859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8S ]Ɋ& !XS F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8S ]Ɋ& !XS F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8S ]Ɋ& !XS F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**a_S ]Ɋ& !a_S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3e958d2-523a-455f-af30-e99a2e17a32b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d19bead4-618f-4b74-8b43-dab8aa80485b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hS ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hS ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**%)S ]Ɋ& !%)S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb62ced6-2254-44b8-84ad-57bed5a55bc8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1ad381d-6ad2-4bd9-ab00-5ecc2b8c167e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=358XQ ]Ɋ&  CX%)S F&ommandPath= CommandLine=wP**tw3XQ ]Ɋ& 7!Xtw3XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31051706-5f5a-4df1-a2df-54ada9fba379 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk''( NBJMu=VysMc&&** %)S ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X%)S F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **%)S ]Ɋ& ?!X%)S F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**%)S ]Ɋ& ;!X%)S F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **%)S ]Ɋ& 3!X%)S F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**%)S ]Ɋ& 3!X%)S F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**%)S ]Ɋ& 5!X%)S F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0%)S ]Ɋ& !%)S F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@RZS ]Ɋ& !RZS F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c5069bc-4248-47e9-9e9b-760951be95db HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8f048b3e-420b-4f9f-9549-51f764930b41 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**7V ]Ɋ& )!X7V F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**7V ]Ɋ& A!X7V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**7V ]Ɋ& =!X7V F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47**7V ]Ɋ& 5!X7V F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**7V ]Ɋ& 5!X7V F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**7V ]Ɋ& 7!X7V F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**07V ]Ɋ& !7V F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@hV ]Ɋ& !hV F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6b9510e-691e-4991-b097-857feb37ae24 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2f6054d-5af4-44e3-9a15-efdd3b07d8ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**XhV ]Ɋ& !XhV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**phV ]Ɋ& !XhV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hhV ]Ɋ& !XhV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`hV ]Ɋ& !XhV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**` hV ]Ɋ& !XhV  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h hV ]Ɋ& !XhV  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.h** hV ]Ɋ&  !hV  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** nV ]Ɋ& !nV  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee7a6b45-3bcc-48c2-9275-2349a8d3776d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91795ead-72e6-49ec-ae61-8a0e35e3cc6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 nV ]Ɋ& !XnV  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.P**PnV ]Ɋ& !XnV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HnV ]Ɋ& !XnV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HnV ]Ɋ& !XnV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HnV ]Ɋ& !XnV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **nV ]Ɋ& !nV F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c52d9338-20fb-448b-8495-6c799f5c7284 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e7ec1a6-bda8-4777-ac38-c8ce3d414bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XnV ]Ɋ& !XnV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pnV ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hnV ]Ɋ& !XnV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`nV ]Ɋ& !XnV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`nV ]Ɋ& !XnV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`nV ]Ɋ& !XnV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**nV ]Ɋ& !nV F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**V ]Ɋ& !V F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fcafcbba-096c-4c30-a39f-bc189314ed54 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0c2932a-898a-421a-9014-ee649ee0a5d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(V ]Ɋ& !XV F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@V ]Ɋ& !XV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@V ]Ɋ& !XV F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7be@**8 V ]Ɋ& !XV  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8!V ]Ɋ& !XV! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8"V ]Ɋ& !XV" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**#V ]Ɋ& !V# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**$2V ]Ɋ& !2V$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96dcb803-0890-4470-af8a-61b584c26d81 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ab7315ff-d568-46d1-a6c9-c3ae45c24288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X%cV ]Ɋ& !XcV% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p&cV ]Ɋ& !XcV& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p'cV ]Ɋ& !XcV' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& f-XcV( F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(Z(Z9}!bMu=VysMc&&**h (cV ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XcV( F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h)cV ]Ɋ& !XcV) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h*cV ]Ɋ& !XcV* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**+cV ]Ɋ&  !cV+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**,_V ]Ɋ& !_V, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c46dc9e6-52ce-4bec-b8df-24c6b740118f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b910671-2733-40d4-a4e3-379578c792a9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**-_V ]Ɋ& '!X_V- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**._V ]Ɋ& ?!X_V. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**/_V ]Ɋ& ;!X_V/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**0_V ]Ɋ& 3!X_V0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1_V ]Ɋ& 3!X_V1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**2_V ]Ɋ& 5!X_V2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**03V ]Ɋ& !V3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@4-V ]Ɋ& !-V4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=959d7571-26c1-488f-8dce-c275db287801 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a12b5fa0-2b78-4259-bf0f-39c0e45a3a94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**5ѫjX ]Ɋ& )!XѫjX5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6ѫjX ]Ɋ& A!XѫjX6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**7ѫjX ]Ɋ& =!XѫjX7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8ѫjX ]Ɋ& 5!XѫjX8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **9ѫjX ]Ɋ& 5!XѫjX9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**:ѫjX ]Ɋ& 7!XѫjX: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0;jjX ]Ɋ& !jjX; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**@<jX ]Ɋ& !jX< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1bfd280-ec12-47e9-849e-08d577872b08 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72653556-4b64-4578-b448-75eff7716c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X=jX ]Ɋ& !XjX= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p>jX ]Ɋ& !XjX> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h?jX ]Ɋ& !XjX? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`@jX ]Ɋ& !XjX@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`AjX ]Ɋ& !XjXA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hBjX ]Ɋ& !XjXB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**CjX ]Ɋ&  !jXC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**DjX ]Ɋ& !jXD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06983fd3-8776-4424-8a8f-1813b186e8f1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad1a8e55-6335-45f9-a6d4-2cdd65867266 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8EjX ]Ɋ& !XjXE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**PFjX ]Ɋ& !XjXF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=baP**PGjX ]Ɋ& !XjXG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HHjX ]Ɋ& !XjXH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HIjX ]Ɋ& !XjXI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HJjX ]Ɋ& !XjXJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**KjX ]Ɋ& !jXK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**LC4jX ]Ɋ& !C4jXL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b62fe85e-b25e-4ede-b2a7-bf70a9edded4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50b0f956-0fa4-4596-b9d0-51f34ccfe7cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XMC4jX ]Ɋ& !XC4jXM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pNC4jX ]Ɋ& !XC4jXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hOC4jX ]Ɋ& !XC4jXO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`PC4jX ]Ɋ& !XC4jXP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`QC4jX ]Ɋ& !XC4jXQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`RC4jX ]Ɋ& !XC4jXR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**SC4jX ]Ɋ& !C4jXS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**TC4jX ]Ɋ& !C4jXT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77602daf-7c4b-4731-9a3a-8004819cd1a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da3da71-68c2-4bab-93e4-a85bd906094a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(U̮jX ]Ɋ& !X̮jXU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@V̮jX ]Ɋ& !X̮jXV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@W̮jX ]Ɋ& !X̮jXW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8X̮jX ]Ɋ& !X̮jXX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8Y̮jX ]Ɋ& !X̮jXY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8Z̮jX ]Ɋ& !X̮jXZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk[[@Da7Mu=VysMc&&** [̮jX ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!̮jX[ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **\pejX ]Ɋ& !pejX\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf8647cf-f074-48ec-be7a-4a758b600aea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=26d69bfb-6777-46cc-9105-14bcefca5bfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X]jX ]Ɋ& !XjX] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p^jX ]Ɋ& !XjX^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p_jX ]Ɋ& !XjX_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h`jX ]Ɋ& !XjX` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hajX ]Ɋ& !XjXa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hbjX ]Ɋ& !XjXb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**cjX ]Ɋ&  !jXc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_θ**d4/jX ]Ɋ& !4/jXd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b39f52ff-17fc-4619-a2dd-9d374e0b0f04 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0dc7521e-d9e0-4648-853b-83aa6767b0c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**e4/jX ]Ɋ& '!X4/jXe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**f4/jX ]Ɋ& ?!X4/jXf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g4/jX ]Ɋ& ;!X4/jXg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h4/jX ]Ɋ& 3!X4/jXh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**i4/jX ]Ɋ& 3!X4/jXi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j4/jX ]Ɋ& 5!X4/jXj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0k4/jX ]Ɋ& !4/jXk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@la`jX ]Ɋ& !a`jXl F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a47ae914-79bb-4ece-8f9c-8a69a4398349 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6f59ea3a-7509-4766-a1bd-1708571cf972 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**mv:Z ]Ɋ& )!Xv:Zm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**nv:Z ]Ɋ& A!Xv:Zn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=24-8**ov:Z ]Ɋ& =!Xv:Zo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**pv:Z ]Ɋ& 5!Xv:Zp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**qv:Z ]Ɋ& 5!Xv:Zq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rv:Z ]Ɋ& 7!Xv:Zr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0sv:Z ]Ɋ& !v:Zs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@t;Z ]Ɋ& !;Zt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b317eaba-36a1-4815-b835-0d65a1023133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2c9545f-4871-4399-bfde-065c1cb504a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**Xu;Z ]Ɋ& !X;Zu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pv;Z ]Ɋ& !X;Zv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hw;Z ]Ɋ& !X;Zw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`x;Z ]Ɋ& !X;Zx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`y;Z ]Ɋ& !X;Zy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hz;Z ]Ɋ& !X;Zz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**{;Z ]Ɋ&  !;Z{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f5778cd-5c00-48ed-822e-ea81aec45762 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27c30b91-5164-4f08-a2cc-ed66a7313df7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**|:P9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@g=Z ]Ɋ& !Xg=Z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@g=Z ]Ɋ& !Xg=Z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8g=Z ]Ɋ& !Xg=Z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8g=Z ]Ɋ& !Xg=Z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 8**8g=Z ]Ɋ& !Xg=Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**g=Z ]Ɋ& !g=Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>Z ]Ɋ& !>Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a8797d9-9c26-48b1-b0f1-1254af754dd4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fc71f5bd-5156-433e-89a1-ed02c1008903 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X?Z ]Ɋ& !X?Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p?Z ]Ɋ& !X?Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p?Z ]Ɋ& !X?Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h?Z ]Ɋ& !X?Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h?Z ]Ɋ& !X?Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h?Z ]Ɋ& !X?Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**?Z ]Ɋ&  !?Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**W|@Z ]Ɋ& !W|@Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31517ccf-e083-41b4-9b79-a60faba05acc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd8c960e-0a0c-4a6c-bdb8-1cce04a5e04f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=914-**W|@Z ]Ɋ& '!XW|@Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**W|@Z ]Ɋ& ?!XW|@Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**W|@Z ]Ɋ& ;!XW|@Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **W|@Z ]Ɋ& 3!XW|@Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**W|@Z ]Ɋ& 3!XW|@Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **W|@Z ]Ɋ& 5!XW|@Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0W|@Z ]Ɋ& !W|@Z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@AZ ]Ɋ& !AZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20f8e155-7467-4e46-b922-c462bc2d89a7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a09de0e0-3a4d-409d-a8ab-c57e306018c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**"] ]Ɋ& )!X"] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**"] ]Ɋ& A!X"] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**"] ]Ɋ& =!X"] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**"] ]Ɋ& 5!X"] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-5**"] ]Ɋ& 5!X"] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**"] ]Ɋ& 7!X"] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0"] ]Ɋ& !"] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@S] ]Ɋ& !S] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c57884-53dc-42d5-9138-29ff0e1db855 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b5f72a1-a453-4ab0-aa04-9d420bab2a44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XS] ]Ɋ& !XS] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pS] ]Ɋ& !XS] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~p**hS] ]Ɋ& !XS] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`S] ]Ɋ& !XS] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`S] ]Ɋ& !XS] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hS] ]Ɋ& !XS] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**S] ]Ɋ&  !S] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=812ffedd-3b78-4897-9b07-7d5308182824 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ebad93eb-eda0-4dec-a0de-e106c9f21e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8] ]Ɋ& !X] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P] ]Ɋ& !X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P] ]Ɋ& !X] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H] ]Ɋ& !X] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H] ]Ɋ& !X] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**] ]Ɋ& !] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef905560-c448-4ad6-ad67-9ceb292c7a02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ce62ca9-b04b-441d-a935-a8c68384e9a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%] ]Ɋ& !X%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X%] F& F&ndPath= CommandLine=8F& ElfChnk@vX ѤMu=VysMc&&**p%] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X%] F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h%] ]Ɋ& !X%] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`%] ]Ɋ& !X%] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`%] ]Ɋ& !X%] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97`**`%] ]Ɋ& !X%] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%] ]Ɋ& !%] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19f4769c-ad98-4569-8630-1e4182bf01a2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8504b3b-8519-48b5-9ada-d00a7f0b738f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%] ]Ɋ& !X%] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@%] ]Ɋ& !X%] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@%] ]Ɋ& !X%] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8%] ]Ɋ& !X%] F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8%] ]Ɋ& !X%] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8%] ]Ɋ& !X%] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**%] ]Ɋ& !%] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=215bf68e-f210-4fbb-a91e-a7d01ed349aa HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8460eb2-2f81-4e91-892e-e60bf3e40d7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**XN] ]Ɋ& !XN] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pN] ]Ɋ& !XN] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pN] ]Ɋ& !XN] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hN] ]Ɋ& !XN] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hN] ]Ɋ& !XN] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hN] ]Ɋ& !XN] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**N] ]Ɋ&  !N] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a084f930-d57b-47f8-8d56-4fb45e0cb9cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fd09fab-bc89-4290-899f-35794fd1c9b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4e4**] ]Ɋ& '!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**] ]Ɋ& ?!X] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**] ]Ɋ& ;!X] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**] ]Ɋ& 3!X] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**] ]Ɋ& 3!X] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**] ]Ɋ& 5!X] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0] ]Ɋ& !] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@] ]Ɋ& !] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=293c3327-457b-4b3f-b4ae-9973a238a273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86f60cfb-ce04-4671-8865-499d5bc93ef1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**>}_ ]Ɋ& )!X>}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**>}_ ]Ɋ& A!X>}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**>}_ ]Ɋ& =!X>}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **>}_ ]Ɋ& 5!X>}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97**>}_ ]Ɋ& 5!X>}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**>}_ ]Ɋ& 7!X>}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0>}_ ]Ɋ& !>}_ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@0@}_ ]Ɋ& !0@}_ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc7ff55c-8f13-4c6c-8fe5-443dfa4240d7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=52172c18-286d-44ae-bacb-52f9be58f6b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X@}_ ]Ɋ& !X@}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p@}_ ]Ɋ& !X@}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h@}_ ]Ɋ& !X@}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`@}_ ]Ɋ& !X@}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`@}_ ]Ɋ& !X@}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h@}_ ]Ɋ& !X@}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**@}_ ]Ɋ&  !@}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**@}_ ]Ɋ& !@}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ead914e-fdfe-40c7-baeb-2b67867df442 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92ed80ac-c0b0-4ef3-b563-66de029fa6e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8-aA}_ ]Ɋ& !X-aA}_ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P-aA}_ ]Ɋ& !X-aA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk 7N WMu=VysMc&&**P-aA}_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X-aA}_ F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H-aA}_ ]Ɋ& !X-aA}_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H-aA}_ ]Ɋ& !X-aA}_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H-aA}_ ]Ɋ& !X-aA}_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**-aA}_ ]Ɋ& !-aA}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**-aA}_ ]Ɋ& !-aA}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42242112-6357-4f38-8574-3c0c8eb0733b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245d17-1112-478e-b20a-7cab2bfe3bc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XA}_ ]Ɋ& !XA}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**pA}_ ]Ɋ& !XA}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hA}_ ]Ɋ& !XA}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`A}_ ]Ɋ& !XA}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e`**`A}_ ]Ɋ& !XA}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`A}_ ]Ɋ& !XA}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**A}_ ]Ɋ& !A}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**A}_ ]Ɋ& !A}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f907ed78-24ce-43a4-ae1e-ee7e76cee379 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a859434-fda5-4f86-aee8-ed0b5e200af1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(ZB}_ ]Ɋ& !XZB}_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@ZB}_ ]Ɋ& !XZB}_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ZB}_ ]Ɋ& !XZB}_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8ZB}_ ]Ɋ& !XZB}_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8ZB}_ ]Ɋ& !XZB}_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8ZB}_ ]Ɋ& !XZB}_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ZB}_ ]Ɋ& !ZB}_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ***C}_ ]Ɋ& !*C}_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b826bed-aec2-42fc-92f9-fa15d32703f6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b34afee6-866c-4c34-96e3-f57d46bc0776 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XD}_ ]Ɋ& !XD}_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pD}_ ]Ɋ& !XD}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pD}_ ]Ɋ& !XD}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hD}_ ]Ɋ& !XD}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h D}_ ]Ɋ& !XD}_  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h D}_ ]Ɋ& !XD}_  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh** D}_ ]Ɋ&  !D}_  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** KE}_ ]Ɋ& !KE}_  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9920412-2daa-47e0-8750-384c50eece85 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1fd11adb-4625-4bf0-b65c-782b1aad2501 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq** %F}_ ]Ɋ& '!X%F}_  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**%F}_ ]Ɋ& ?!X%F}_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**%F}_ ]Ɋ& ;!X%F}_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 3!X%F}_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **%F}_ ]Ɋ& 3!X%F}_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%F}_ ]Ɋ& 5!X%F}_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0%F}_ ]Ɋ& !%F}_ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@xF}_ ]Ɋ& !xF}_ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=331ab9c5-dc8e-4b5c-830d-89ae50412f63 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=cee6f6fd-eda1-4eeb-b5a9-c8fecb4a6daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**a ]Ɋ& )!Xa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**a ]Ɋ& A!Xa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**a ]Ɋ& =!Xa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**a ]Ɋ& 5!Xa F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**a ]Ɋ& 5!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**a ]Ɋ& 7!Xa F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Aa ]Ɋ& !Aa F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@Aa ]Ɋ& !Aa F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab099bb7-1a1f-43b3-89aa-2a4ca3839443 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d261511-6aed-4046-8e4b-e09094a221ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XAa ]Ɋ& !XAa F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fa6X**pAa ]Ɋ& !XAa F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hAa ]Ɋ& !XAa F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnk O O(2\J#1Mu=VysMc&&**h Aa ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XAa  F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-aAh**`!Aa ]Ɋ& !XAa! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"Aa ]Ɋ& !XAa" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#Aa ]Ɋ&  !Aa# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$na ]Ɋ& !na$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d17cc2e-826e-401d-8891-5be58441e23b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70a58388-00c8-4e8b-ba32-c36c25c78658 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8%na ]Ɋ& !Xna% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&na ]Ɋ& !Xna& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'na ]Ɋ& !Xna' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H(na ]Ɋ& !Xna( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)na ]Ɋ& !Xna) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_H**H*na ]Ɋ& !Xna* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**+na ]Ɋ& !na+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,na ]Ɋ& !na, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4a27abf-ef47-4413-a376-d48bfa512745 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db330a59-ebc4-4bf0-94fb-29588ec9d6d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-sa ]Ɋ& !Xsa- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p.sa ]Ɋ& !Xsa. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h/sa ]Ɋ& !Xsa/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`0sa ]Ɋ& !Xsa0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`1sa ]Ɋ& !Xsa1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`2sa ]Ɋ& !Xsa2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**3sa ]Ɋ& !sa3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4sa ]Ɋ& !sa4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f9d1daeb-29e0-41a5-b40a-ae4b15bce4e7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37bcb67d-8f45-41d5-93e9-3a7bb694f314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(5sa ]Ɋ& !Xsa5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@6sa ]Ɋ& !Xsa6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@7sa ]Ɋ& !Xsa7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**88sa ]Ɋ& !Xsa8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**89sa ]Ɋ& !Xsa9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8758**8:sa ]Ɋ& !Xsa: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**;sa ]Ɋ& !sa; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<2a ]Ɋ& !2a< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e901d22c-5ac1-4509-9929-899f18e24c2b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6964d0ad-0ca2-4d6f-8eee-a1ce192c650b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X=_a ]Ɋ& !X_a= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>_a ]Ɋ& !X_a> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?_a ]Ɋ& !X_a? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h@_a ]Ɋ& !X_a@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**hA_a ]Ɋ& !X_aA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hB_a ]Ɋ& !X_aB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**C_a ]Ɋ&  !_aC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Dma ]Ɋ& !maD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af3421c5-1b85-4563-9007-3f5cd6942220 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcbee28b-bea2-4945-895a-3df8c3bdff30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **Ema ]Ɋ& '!XmaE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Fma ]Ɋ& ?!XmaF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**Gma ]Ɋ& ;!XmaG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**Hma ]Ɋ& 3!XmaH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**Ima ]Ɋ& 3!XmaI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**Jma ]Ɋ& 5!XmaJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0Kma ]Ɋ& !maK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@L"a ]Ɋ& !"aL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a161cd-b41e-4b7e-b24b-4d005a23b1e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3eb33533-5a9b-4ac4-a7e6-5b452f099545 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**M+d ]Ɋ& )!X+dM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**N+d ]Ɋ& A!X+dN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**O+d ]Ɋ& =!X+dO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkPPp)&AI3Mu=VysMc&&**P+d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+dP F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Q+d ]Ɋ& 5!X+dQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**R+d ]Ɋ& 7!X+dR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0S+d ]Ɋ& !+dS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@T+d ]Ɋ& !+dT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01d134ac-8890-4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf0291b4-e431-458b-b01d-12d21ad80408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e2@**XU+d ]Ɋ& !X+dU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pV+d ]Ɋ& !X+dV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ef4p**hW+d ]Ɋ& !X+dW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`X+d ]Ɋ& !X+dX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Y+d ]Ɋ& !X+dY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hZ+d ]Ɋ& !X+dZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**[+d ]Ɋ&  !+d[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**\o+d ]Ɋ& !o+d\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=671cbffb-9e38-4b52-91c5-a1af5a9775e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=175ce887-ed97-4d58-8bb1-f5dcde875401 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8]o+d ]Ɋ& !Xo+d] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P^o+d ]Ɋ& !Xo+d^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P_o+d ]Ɋ& !Xo+d_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H`o+d ]Ɋ& !Xo+d` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**Hao+d ]Ɋ& !Xo+da F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hbo+d ]Ɋ& !Xo+db F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4b1H**co+d ]Ɋ& !o+dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**do+d ]Ɋ& !o+dd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=690afc4d-f02d-4b0d-8030-7ff4d3bc7d64 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=60fd8e84-d973-40ef-9c4f-278525c014f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**Xe+d ]Ɋ& !X+de F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e901X**pf+d ]Ɋ& !X+df F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hg+d ]Ɋ& !X+dg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`h+d ]Ɋ& !X+dh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`i+d ]Ɋ& !X+di F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`j+d ]Ɋ& !X+dj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**k+d ]Ɋ& !+dk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**l+d ]Ɋ& !+dl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=327097ca-7c25-4247-9560-32a358194ded HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48ea3303-b984-42e5-9f5c-4bd7e9337579 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22c**(m+d ]Ɋ& !X+dm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@n+d ]Ɋ& !X+dn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@o+d ]Ɋ& !X+do F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8p+d ]Ɋ& !X+dp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8q+d ]Ɋ& !X+dq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8r+d ]Ɋ& !X+dr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**s+d ]Ɋ& !+ds F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**tD9+d ]Ɋ& !D9+dt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ad453381-e382-4b61-804c-1c646c104af9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e6df2b97-e6e0-4945-ae0e-bfeecfa459b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xu+d ]Ɋ& !X+du F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pv+d ]Ɋ& !X+dv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pw+d ]Ɋ& !X+dw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hx+d ]Ɋ& !X+dx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hy+d ]Ɋ& !X+dy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hz+d ]Ɋ& !X+dz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1h**{+d ]Ɋ&  !+d{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**|+d ]Ɋ& !+d| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9588a246-1c26-484d-9937-99a9f564e3bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55929b16-4e7d-4df6-bcff-1435af856f53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**}+d ]Ɋ& '!X+d} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**~+d ]Ɋ& ?!X+d~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**+d ]Ɋ& ;!X+d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**+d ]Ɋ& 3!X+d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX+d F&4013-8457-6815fc0df6a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX+dP F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XAa  F&dLine=8F& ElfChnkHHrK5)Mu=VysMc&&** +d ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X+d F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **+d ]Ɋ& 5!X+d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+d ]Ɋ& !+d F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=450**@44+d ]Ɋ& !44+d F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b4282755-1023-4a4c-a904-b46f56d82218 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7725b07-094f-45b5-892b-057f779ee8a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**f ]Ɋ& )!Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **f ]Ɋ& A!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**f ]Ɋ& =!Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**f ]Ɋ& 5!Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5a**f ]Ɋ& 5!Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**f ]Ɋ& 7!Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0Jf ]Ɋ& !Jf F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@f ]Ɋ& !f F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=705ad621-6dd7-49ab-8efe-fe52f2f41a75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2108218a-ca7e-4fcd-8d6d-fafc90f20fe0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**XG{f ]Ɋ& !XG{f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pG{f ]Ɋ& !XG{f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG{f ]Ɋ& !XG{f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`G{f ]Ɋ& !XG{f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`G{f ]Ɋ& !XG{f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hG{f ]Ɋ& !XG{f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**G{f ]Ɋ&  !G{f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**G{f ]Ɋ& !G{f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be8c2d4c-60a2-4427-b425-7eb0a54a019e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0a8959d8-56ba-425f-9734-eecc86c7b0d4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8f ]Ɋ& !Xf F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**Pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**Pf ]Ɋ& !Xf F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+dP**Hf ]Ɋ& !Xf F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Hf ]Ɋ& !Xf F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hf ]Ɋ& !Xf F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f ]Ɋ& !f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2277dd08-4888-43e2-814b-843dd5a056ad HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ba4f56f-b76e-4799-ab69-e603f05b359b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xf ]Ɋ& !Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hf ]Ɋ& !Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`f ]Ɋ& !Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61`**`f ]Ɋ& !Xf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`f ]Ɋ& !Xf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**f ]Ɋ& !f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**tf ]Ɋ& !tf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a1cb025-e03b-4d61-8c6e-e605d1ede1ef HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adf1980a-f73f-4b7f-9d6a-2774d37f8bb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e6**(tf ]Ɋ& !Xtf F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@tf ]Ɋ& !Xtf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@tf ]Ɋ& !Xtf F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8tf ]Ɋ& !Xtf F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8tf ]Ɋ& !Xtf F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8tf ]Ɋ& !Xtf F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**tf ]Ɋ& !tf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**Ïf ]Ɋ& !Ïf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b061741-d97c-4014-892a-5e9e146a4f20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2cac9b3a-e921-4648-8c46-ae20e9493a1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**Xeŏf ]Ɋ& !Xeŏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**peŏf ]Ɋ& !Xeŏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**peŏf ]Ɋ& !Xeŏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**heŏf ]Ɋ& !Xeŏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**heŏf ]Ɋ& !Xeŏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**heŏf ]Ɋ& !Xeŏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !eŏf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8RUz-Mu=VysMc&&** eŏf ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !eŏf F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **?Əf ]Ɋ& !?Əf F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aac241b8-73c3-46ba-b84a-54493a18e090 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**Əf ]Ɋ& '!XƏf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Əf ]Ɋ& ?!XƏf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Əf ]Ɋ& ;!XƏf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**Əf ]Ɋ& 3!XƏf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Əf ]Ɋ& 3!XƏf F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Əf ]Ɋ& 5!XƏf F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0Əf ]Ɋ& !Əf F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=180**@ ȏf ]Ɋ& ! ȏf F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=164db23c-c22c-4273-8d31-fbfe6d14d456 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=550083d0-b5aa-4bdd-b1d1-e5ab2dbaa1e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**Oh ]Ɋ& )!XOh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Oh ]Ɋ& A!XOh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**Oh ]Ɋ& =!XOh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Oh ]Ɋ& 5!XOh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Oh ]Ɋ& 5!XOh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**Oh ]Ɋ& 7!XOh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0Oh ]Ɋ& !Oh F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@̀ h ]Ɋ& !̀ h F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa819191-9652-40da-bfe8-6c9562c62bd4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=371eb9be-a3a9-4b10-9486-4ce040eb279e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X̀ h ]Ɋ& !X̀ h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**p̀ h ]Ɋ& !X̀ h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**h̀ h ]Ɋ& !X̀ h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`̀ h ]Ɋ& !X̀ h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`̀ h ]Ɋ& !X̀ h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**h̀ h ]Ɋ& !X̀ h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**̀ h ]Ɋ&  !̀ h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=08-4**̀ h ]Ɋ& !̀ h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b98e0ce7-3267-4a2a-9e33-8da41cd72162 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=808a775e-7563-4785-bfb1-0775e831ffc6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8c!h ]Ɋ& !Xc!h F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=038**Pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**Pc!h ]Ɋ& !Xc!h F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**Hc!h ]Ɋ& !Xc!h F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hc!h ]Ɋ& !Xc!h F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**Hc!h ]Ɋ& !Xc!h F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f81d7202-e3c0-482f-b0f8-046ba6143993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ee1658-8ab9-418d-ad0c-480c503c77bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xc!h ]Ɋ& !Xc!h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc!h ]Ɋ& !Xc!h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hc!h ]Ɋ& !Xc!h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`c!h ]Ɋ& !Xc!h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`c!h ]Ɋ& !Xc!h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`c!h ]Ɋ& !Xc!h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**c!h ]Ɋ& !c!h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2e89e09-a9d5-4e6f-8a81-8e8211a9ae78 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=219a2c26-c93a-4ece-bb22-8456a0349db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(c!h ]Ɋ& !Xc!h F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@c!h ]Ɋ& !Xc!h F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@c!h ]Ɋ& !Xc!h F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8c!h ]Ɋ& !Xc!h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8c!h ]Ɋ& !Xc!h F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8c!h ]Ɋ& !Xc!h F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**c!h ]Ɋ& !c!h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**J"h ]Ɋ& !J"h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e76a64b-f44d-4dbd-9cd0-4b9d80ac6610 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=72b97cb9-e129-4ec8-89c1-64a74601c672 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X&"h ]Ɋ& !X&"h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0'7=9 Mu=VysMc&&**x &"h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!X&"h F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p&"h ]Ɋ& !X&"h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h&"h ]Ɋ& !X&"h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h&"h ]Ɋ& !X&"h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h&"h ]Ɋ& !X&"h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**&"h ]Ɋ&  !&"h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**{#h ]Ɋ& !{#h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56d2e31a-c17b-499f-9d22-0aba9f9e52cd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f310367-17b1-4ce6-8bb1-4d54de932a1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**S$h ]Ɋ& '!XS$h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**S$h ]Ɋ& ?!XS$h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**S$h ]Ɋ& ;!XS$h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c95**S$h ]Ɋ& 3!XS$h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S$h ]Ɋ& 3!XS$h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=562**S$h ]Ɋ& 5!XS$h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S$h ]Ɋ& !S$h F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@$h ]Ɋ& !$h F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49044ef3-8e70-4088-88dd-87fcb775b5a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=12ab7fb4-8e8c-45c7-a85f-bdbe81f63929 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**pQ>k ]Ɋ& )!XpQ>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **pQ>k ]Ɋ& A!XpQ>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**pQ>k ]Ɋ& =!XpQ>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**pQ>k ]Ɋ& 5!XpQ>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**pQ>k ]Ɋ& 5!XpQ>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pQ>k ]Ɋ& 7!XpQ>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0pQ>k ]Ɋ& !pQ>k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ER>k ]Ɋ& !ER>k F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2141a115-3b00-4b37-b533-036a19ed1826 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62510f8c-d14c-40f8-a25c-2cfcaeb9e98e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X4R>k ]Ɋ& !X4R>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h4R>k ]Ɋ& !X4R>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`4R>k ]Ɋ& !X4R>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`4R>k ]Ɋ& !X4R>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h4R>k ]Ɋ& !X4R>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**4R>k ]Ɋ&  !4R>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**4R>k ]Ɋ& !4R>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2384425-b270-4988-8df2-c1820a82b2f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c50166e-0335-45a6-aa52-c3ecc64b27fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**84R>k ]Ɋ& !X4R>k F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P4R>k ]Ɋ& !X4R>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P4R>k ]Ɋ& !X4R>k F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H4R>k ]Ɋ& !X4R>k F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H 4R>k ]Ɋ& !X4R>k  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H 4R>k ]Ɋ& !X4R>k  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH** vS>k ]Ɋ& !vS>k  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou** vS>k ]Ɋ& !vS>k  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=593ca499-40b9-44a6-a2f7-664e41c6ce90 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34d32956-a42f-4049-941e-9ca659fcfd84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X aT>k ]Ɋ& !XaT>k  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**paT>k ]Ɋ& !XaT>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**haT>k ]Ɋ& !XaT>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`aT>k ]Ɋ& !XaT>k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`aT>k ]Ɋ& !XaT>k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`aT>k ]Ɋ& !XaT>k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**aT>k ]Ɋ& !aT>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**aT>k ]Ɋ& !aT>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=283335e8-a358-4712-b48f-f9ba08ee7d60 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a08cda6b-a877-42ef-9965-5e5b4a4bb22b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(aT>k ]Ɋ& !XaT>k F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@aT>k ]Ɋ& !XaT>k F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@aT>k ]Ɋ& !XaT>k F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkHHpRܻXMu=VysMc&&**8 aT>k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XaT>k F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8aT>k ]Ɋ& !XaT>k F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8aT>k ]Ɋ& !XaT>k F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**T>k ]Ɋ& !T>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**@U>k ]Ɋ& !@U>k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a95c096-356c-4772-8f98-b6524856e11c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4cfbe3ff-3b10-45f3-bc19-df0deed55f82 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XqV>k ]Ɋ& !XqV>k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pqV>k ]Ɋ& !XqV>k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pqV>k ]Ɋ& !XqV>k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h qV>k ]Ɋ& !XqV>k  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**h!qV>k ]Ɋ& !XqV>k! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**h"qV>k ]Ɋ& !XqV>k" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-h**#qV>k ]Ɋ&  !qV>k# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**$Q W>k ]Ɋ& !Q W>k$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f9a364f-9665-4867-8ed4-1ca47d7b3a60 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e26c7d77-3144-458f-8439-c866aa14d9c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**%W>k ]Ɋ& '!XW>k% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**&W>k ]Ɋ& ?!XW>k& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**'W>k ]Ɋ& ;!XW>k' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**(W>k ]Ɋ& 3!XW>k( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **)W>k ]Ɋ& 3!XW>k) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp***W>k ]Ɋ& 5!XW>k* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0+W>k ]Ɋ& !W>k+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@,~;X>k ]Ɋ& !~;X>k, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c3187f1-8637-4d4d-b31c-3024220a6f8f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7da3e61b-e677-4685-8ed5-7ac13299a76f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**-q_m ]Ɋ& )!Xq_m- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**.q_m ]Ɋ& A!Xq_m. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/q_m ]Ɋ& =!Xq_m/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**0q_m ]Ɋ& 5!Xq_m0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**1q_m ]Ɋ& 5!Xq_m1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**2q_m ]Ɋ& 7!Xq_m2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**03q_m ]Ɋ& !q_m3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@4m ]Ɋ& !m4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efd51f2c-d2c4-4546-a05e-a6cf831670b6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=466e7577-d12a-4548-99cf-d1081a758386 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70-@**X5m ]Ɋ& !Xm5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p6m ]Ɋ& !Xm6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h7m ]Ɋ& !Xm7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**`8m ]Ɋ& !Xm8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6`**`9m ]Ɋ& !Xm9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**h:m ]Ɋ& !Xm: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**;m ]Ɋ&  !m; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**<m ]Ɋ& !m< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b1129f4-7681-44d3-a556-12dad9e40ee4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=16ad635e-845d-49d7-8c57-90241431cbb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8=m ]Ɋ& !Xm= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P>m ]Ɋ& !Xm> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P?m ]Ɋ& !Xm? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H@m ]Ɋ& !Xm@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ee7dH**HAm ]Ɋ& !XmA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-b48H**HBm ]Ɋ& !XmB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e8-H**Cm ]Ɋ& !mC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d60**D4)m ]Ɋ& !4)mD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d9a1c9a1-6219-45c7-9195-161e42ef93d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=168ce361-5d72-4d90-85af-204a325da152 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**XE4)m ]Ɋ& !X4)mE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pF4)m ]Ɋ& !X4)mF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hG4)m ]Ɋ& !X4)mG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H4)m ]Ɋ& !X4)mH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX4)mI F&wid@ 65535 Eng ]Ɋ& ndXaT>k F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X&"h F&aceId=3bee8508-44db-49c2-a5fd-141256ba6609 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkIyIy@VcMu=VysMc&&**hI4)m ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X4)mI F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`J4)m ]Ɋ& !X4)mJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**K4)m ]Ɋ& !4)mK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**L4)m ]Ɋ& !4)mL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d2b8259-f194-4e88-a542-75e76e5df2cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e2fcee7-f643-4098-9adb-eed9ef54c698 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(Mm ]Ɋ& !XmM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@Nm ]Ɋ& !XmN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@Om ]Ɋ& !XmO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8Pm ]Ɋ& !XmP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8Qm ]Ɋ& !XmQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8Rm ]Ɋ& !XmR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Sm ]Ɋ& !mS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**TaZm ]Ɋ& !aZmT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a94110c-f8de-4056-bbca-2525f3e20ce7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ec6c71eb-c20d-4467-a28a-d1c02186e7f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XUm ]Ɋ& !XmU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pVm ]Ɋ& !XmV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pWm ]Ɋ& !XmW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hXm ]Ɋ& !XmX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hYm ]Ɋ& !XmY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hZm ]Ɋ& !XmZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**[m ]Ɋ&  !m[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**\%$m ]Ɋ& !%$m\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe3684af-67e2-4fea-95e6-f7906d5240c6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65fac5e6-2b9e-4c88-8638-8e614dc526ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**]%$m ]Ɋ& '!X%$m] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**^%$m ]Ɋ& ?!X%$m^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**_%$m ]Ɋ& ;!X%$m_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**`%$m ]Ɋ& 3!X%$m` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==ef**a%$m ]Ɋ& 3!X%$ma F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**b%$m ]Ɋ& 5!X%$mb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54**0c%$m ]Ɋ& !%$mc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dm ]Ɋ& !md F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=09a9ba36-9f8d-4446-ba42-de46e444e552 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=662818c8-42a6-4351-aa70-b7aa644e39b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**eo ]Ɋ& )!Xoe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**fo ]Ɋ& A!Xof F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **go ]Ɋ& =!Xog F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ho ]Ɋ& 5!Xoh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**io ]Ɋ& 5!Xoi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **jo ]Ɋ& 7!Xoj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0ko ]Ɋ& !ok F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@l%o ]Ɋ& !%ol F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6c58641-50e6-4ee3-8910-992e5e137b33 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e21a9ad9-329a-49b6-af0e-a3f13f66d2e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xm%o ]Ɋ& !X%om F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pn%o ]Ɋ& !X%on F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**ho%o ]Ɋ& !X%oo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`p%o ]Ɋ& !X%op F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`q%o ]Ɋ& !X%oq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hr%o ]Ɋ& !X%or F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**s%o ]Ɋ&  !%os F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**t%o ]Ɋ& !%ot F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02505dcc-7e4b-4deb-83c5-92a64171da14 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=535d4358-c02e-41cf-b70a-12dfe96003fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8u%o ]Ɋ& !X%ou F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pv%o ]Ɋ& !X%ov F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Pw%o ]Ɋ& !X%ow F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hx%o ]Ɋ& !X%ox F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hy%o ]Ɋ& !X%oy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ba66H PipelineI ]Ɋ&  X%oz F&ElfChnkzzhAMu=VysMc&&**Hz%o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X%oz F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**{%o ]Ɋ& !%o{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4)**|o ]Ɋ& !o| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a199153-2d04-41f7-ad7c-c1f2fca99d9e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0528b87-eb16-42c5-abf9-c175d0b2fd75 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}o ]Ɋ& !Xo} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~o ]Ɋ& !Xo~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**ho ]Ɋ& !Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`o ]Ɋ& !Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`o ]Ɋ& !Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`o ]Ɋ& !Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcb4bad2-066e-48ee-813e-f064548874a0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b586d8cc-6653-4587-b3dd-dcd5b885520a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(o ]Ɋ& !Xo F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@o ]Ɋ& !Xo F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@o ]Ɋ& !Xo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8o ]Ɋ& !Xo F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8o ]Ɋ& !Xo F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==fe8**8o ]Ɋ& !Xo F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**o ]Ɋ& !o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**R9o ]Ɋ& !R9o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=039bdf5d-1faf-4732-b933-e3a156a33b09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d678939-17cd-4400-9111-5ae884c64008 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xjo ]Ɋ& !Xjo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pjo ]Ɋ& !Xjo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pjo ]Ɋ& !Xjo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hjo ]Ɋ& !Xjo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hjo ]Ɋ& !Xjo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hjo ]Ɋ& !Xjo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**jo ]Ɋ&  !jo F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4aff6846-d0f5-4dbe-995c-a60ea276f4d5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ff4a2e8-1060-452f-a7a0-a5fb49fa1a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **o ]Ɋ& '!Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**o ]Ɋ& ?!Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**o ]Ɋ& ;!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**o ]Ɋ& 3!Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**o ]Ɋ& 3!Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**o ]Ɋ& 5!Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0o ]Ɋ& !o F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@o ]Ɋ& !o F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f7e210f-2852-4689-a479-55cce97efc2b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4be2604f-4e42-4e26-ad2e-01e03faa3381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**.iEQr ]Ɋ& )!X.iEQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**.iEQr ]Ɋ& A!X.iEQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**.iEQr ]Ɋ& =!X.iEQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **.iEQr ]Ɋ& 5!X.iEQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**.iEQr ]Ɋ& 7!X.iEQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0.iEQr ]Ɋ& !.iEQr F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@FQr ]Ɋ& !FQr F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=866de951-d78e-4ec1-93e9-d7316a646a2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=865acbc2-085e-483f-a9bd-f662b8d69604 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X[FQr ]Ɋ& !X[FQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h[FQr ]Ɋ& !X[FQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`[FQr ]Ɋ& !X[FQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`[FQr ]Ɋ& !X[FQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h[FQr ]Ɋ& !X[FQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X%oz[FQrElfChnksLՓMu=VysMc&&**[FQr ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![FQr F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c9af16a-a5b5-4d70-a6ec-7d3c5693ec4f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28cd1d8-856f-4f13-81e0-a2786d3d2b5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8[FQr ]Ɋ& !X[FQr F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P[FQr ]Ɋ& !X[FQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P[FQr ]Ɋ& !X[FQr F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H[FQr ]Ɋ& !X[FQr F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H[FQr ]Ɋ& !X[FQr F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H[FQr ]Ɋ& !X[FQr F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**[FQr ]Ɋ& ![FQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**[FQr ]Ɋ& ![FQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=102c8bc1-6c26-4436-9b81-10534eb19acc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=200eae16-be91-4608-9c54-c26fa91a99f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**X2GQr ]Ɋ& !X2GQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**p2GQr ]Ɋ& !X2GQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h2GQr ]Ɋ& !X2GQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`2GQr ]Ɋ& !X2GQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`2GQr ]Ɋ& !X2GQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`2GQr ]Ɋ& !X2GQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2GQr ]Ɋ& !2GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e01d8bef-75b9-4dbe-b990-bd1f8999cb0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9473b056-8787-4aa9-9ec2-d6043db48561 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(2GQr ]Ɋ& !X2GQr F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@2GQr ]Ɋ& !X2GQr F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@2GQr ]Ɋ& !X2GQr F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**82GQr ]Ɋ& !X2GQr F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**82GQr ]Ɋ& !X2GQr F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**82GQr ]Ɋ& !X2GQr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**2GQr ]Ɋ& !2GQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**GQr ]Ɋ& !GQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1be112d4-9a56-4e54-b742-a285434f84ee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f4fe9df6-5221-4f5a-8483-6120320a6246 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XHQr ]Ɋ& !XHQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pHQr ]Ɋ& !XHQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pHQr ]Ɋ& !XHQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hHQr ]Ɋ& !XHQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hHQr ]Ɋ& !XHQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hHQr ]Ɋ& !XHQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**HQr ]Ɋ&  !HQr F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**KIQr ]Ɋ& !KIQr F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=805d20f5-60f6-48c1-9b76-04568c85d9ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c021e46-0729-4ced-85c9-e87c8f867ba4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**KIQr ]Ɋ& '!XKIQr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**KIQr ]Ɋ& ?!XKIQr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**KIQr ]Ɋ& ;!XKIQr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**KIQr ]Ɋ& 3!XKIQr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**KIQr ]Ɋ& 3!XKIQr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**KIQr ]Ɋ& 5!XKIQr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0KIQr ]Ɋ& !KIQr F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@-JQr ]Ɋ& !-JQr F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6e1cc1c-7e33-4f79-bbb9-39693dfea653 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9d7d08b5-19c2-4e84-8599-fbf9ec34ebaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=83f-@**#+t ]Ɋ& )!X#+t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**#+t ]Ɋ& A!X#+t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**#+t ]Ɋ& =!X#+t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70**#+t ]Ɋ& 5!X#+t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**#+t ]Ɋ& 5!X#+t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**#+t ]Ɋ& 7!X#+t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0õt ]Ɋ& !õt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk Xϡk^Mu=VysMc&&**@P\t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!P\t F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XP\t ]Ɋ& !XP\t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f13X**pP\t ]Ɋ& !XP\t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hP\t ]Ɋ& !XP\t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`P\t ]Ɋ& !XP\t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`P\t ]Ɋ& !XP\t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hP\t ]Ɋ& !XP\t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**P\t ]Ɋ&  !P\t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b16864a9-3918-48b2-abdc-c9d2281f1bc1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f6053da-d4ac-418a-b8ae-fd1cc55ada63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8t ]Ɋ& !Xt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pt ]Ɋ& !Xt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pt ]Ɋ& !Xt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Ht ]Ɋ& !Xt F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Ht ]Ɋ& !Xt F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Ht ]Ɋ& !Xt F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**t ]Ɋ& !t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**t ]Ɋ& !t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78813733-ce39-4485-be9c-bf032f66f976 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9096aaac-55c7-4d1b-8fa2-190da98ab4cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X}t ]Ɋ& !X}t F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-d60X**p}t ]Ɋ& !X}t F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h}t ]Ɋ& !X}t F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`}t ]Ɋ& !X}t F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-`**`}t ]Ɋ& !X}t F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`}t ]Ɋ& !X}t F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**}t ]Ɋ& !}t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce6c032-3b20-4118-a1fc-622783bec292 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=70b78f52-6d1b-4c17-bb8e-5bcb34077a3a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(}t ]Ɋ& !X}t F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@}t ]Ɋ& !X}t F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@}t ]Ɋ& !X}t F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8}t ]Ɋ& !X}t F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8}t ]Ɋ& !X}t F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8}t ]Ɋ& !X}t F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**}t ]Ɋ& !}t F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **&t ]Ɋ& !&t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ad2a160-75b9-42e0-a8ca-8c62d183f9d4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4beac25b-ccff-43cc-9ac3-f6454b2b5c5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X@Wt ]Ɋ& !X@Wt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p@Wt ]Ɋ& !X@Wt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p@Wt ]Ɋ& !X@Wt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h@Wt ]Ɋ& !X@Wt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h@Wt ]Ɋ& !X@Wt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h@Wt ]Ɋ& !X@Wt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**@Wt ]Ɋ&  !@Wt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ﹴt ]Ɋ& !ﹴt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ca1342c-8f09-4744-a0ac-d582c8cb85e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7eba1a72-f819-47cb-9386-5190fd794dcc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**mt ]Ɋ& '!Xmt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**mt ]Ɋ& ?!Xmt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**mt ]Ɋ& ;!Xmt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**mt ]Ɋ& 3!Xmt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro** mt ]Ɋ& 3!Xmt  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** mt ]Ɋ& 5!Xmt  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0 mt ]Ɋ& !mt  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk = =CxHMu=VysMc&&**@ !t ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!!t  F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=460f66dc-a1f2-44c0-b3a5-cbce2d161952 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ ** 2ew ]Ɋ& )!X2ew  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **2ew ]Ɋ& A!X2ew F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**2ew ]Ɋ& =!X2ew F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2ew ]Ɋ& 5!X2ew F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2ew ]Ɋ& 5!X2ew F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**2ew ]Ɋ& 7!X2ew F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **02ew ]Ɋ& !2ew F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@_ gw ]Ɋ& !_ gw F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c8703f1-2f3a-4eab-8492-bcde86f92ce5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f968825a-755e-412e-a28c-23bd599e8f62 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X_ gw ]Ɋ& !X_ gw F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h_ gw ]Ɋ& !X_ gw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`_ gw ]Ɋ& !X_ gw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`_ gw ]Ɋ& !X_ gw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h_ gw ]Ɋ& !X_ gw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**_ gw ]Ɋ&  !_ gw F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **_ gw ]Ɋ& !_ gw F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3434725f-18f8-4ccd-8fd5-14066eab315b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed63a535-4d13-480f-8e71-cb3dfdabbf45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8_ gw ]Ɋ& !X_ gw F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P_ gw ]Ɋ& !X_ gw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P_ gw ]Ɋ& !X_ gw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H _ gw ]Ɋ& !X_ gw  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H!_ gw ]Ɋ& !X_ gw! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H"_ gw ]Ɋ& !X_ gw" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**#_ gw ]Ɋ& !_ gw# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**$gw ]Ɋ& !gw$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5314478-44df-45c0-a1cf-1dcfe5b6c151 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=560e7336-678b-4bf6-98a4-b8c253267d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X%gw ]Ɋ& !Xgw% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p&gw ]Ɋ& !Xgw& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h'gw ]Ɋ& !Xgw' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`(gw ]Ɋ& !Xgw( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`)gw ]Ɋ& !Xgw) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`*gw ]Ɋ& !Xgw* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**+gw ]Ɋ& !gw+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**,gw ]Ɋ& !gw, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e993a7a-aad6-409c-a4da-beee14c6e5bb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6878a45-de6a-4028-8fac-9112569c51e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(-gw ]Ɋ& !Xgw- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@.gw ]Ɋ& !Xgw. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@/gw ]Ɋ& !Xgw/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**80gw ]Ɋ& !Xgw0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**81gw ]Ɋ& !Xgw1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**82gw ]Ɋ& !Xgw2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**3gw ]Ɋ& !gw3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**4;hw ]Ɋ& !;hw4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6a931be-79dd-4d7a-8e7b-0f9f5f90364d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cec941d9-1c73-47d8-9e6f-aa3b295505ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X5liw ]Ɋ& !Xliw5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p6liw ]Ɋ& !Xliw6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p7liw ]Ɋ& !Xliw7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h8liw ]Ɋ& !Xliw8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h9liw ]Ɋ& !Xliw9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2dh**h:liw ]Ɋ& !Xliw: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**;liw ]Ɋ&  !liw; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**<Pjw ]Ɋ& !Pjw< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=801c5dc8-b485-40a5-823b-be4f05c27be3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06035823-5264-4dea-bfc5-f5cf8bfd90c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**=Pjw ]Ɋ& '!XPjw= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXPjw> F&=4.0 RunspaceId=a8cbd926-c9a6-4141-9824-b7455c48fed2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os!t  F&on=4.0 HostId=9c8ada96-d6a1-4859-b362-ca7cb992ebbb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a92f64e-b22d-4bb7-9c83-697335f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnk>p>p02r3QMu=VysMc&&** >Pjw ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XPjw> F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **?Pjw ]Ɋ& ;!XPjw? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**@Pjw ]Ɋ& 3!XPjw@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**APjw ]Ɋ& 3!XPjwA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**BPjw ]Ɋ& 5!XPjwB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0CPjw ]Ɋ& !PjwC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@Djw ]Ɋ& !jwD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d762980-ca6f-4f93-b02d-59c92759fadb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=76065de6-611e-4813-afdd-aaea81f0212c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Ef4]cy ]Ɋ& )!Xf4]cyE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Ff4]cy ]Ɋ& A!Xf4]cyF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**Gf4]cy ]Ɋ& =!Xf4]cyG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**Hf4]cy ]Ɋ& 5!Xf4]cyH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=72**If4]cy ]Ɋ& 5!Xf4]cyI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**Jf4]cy ]Ɋ& 7!Xf4]cyJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Kf4]cy ]Ɋ& !f4]cyK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@L]cy ]Ɋ& !]cyL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d16d29c9-bcb8-47b9-b27b-e2e10704fce2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e95a2e5-0248-4bc0-9dec-c79bf8667a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XMe^cy ]Ɋ& !Xe^cyM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**pNe^cy ]Ɋ& !Xe^cyN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_ gp**hOe^cy ]Ɋ& !Xe^cyO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`Pe^cy ]Ɋ& !Xe^cyP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Qe^cy ]Ɋ& !Xe^cyQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRe^cy ]Ɋ& !Xe^cyR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**Se^cy ]Ɋ&  !e^cyS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$**Te^cy ]Ɋ& !e^cyT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb1d1171-0d0a-405d-a869-02e53c96150e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d1cc6c7e-30b0-4999-a361-72af870fbaf7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8U*^cy ]Ɋ& !X*^cyU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&8**PV*^cy ]Ɋ& !X*^cyV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PW*^cy ]Ɋ& !X*^cyW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HX*^cy ]Ɋ& !X*^cyX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HY*^cy ]Ɋ& !X*^cyY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HZ*^cy ]Ɋ& !X*^cyZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**[*^cy ]Ɋ& !*^cy[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****\*^cy ]Ɋ& !*^cy\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab3c9f31-1f8f-4381-bbf8-6e37b3ffffbd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ff9034b8-0fb9-406e-93c1-402b16ad0ec5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X]_cy ]Ɋ& !X_cy] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p^_cy ]Ɋ& !X_cy^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h__cy ]Ɋ& !X_cy_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**``_cy ]Ɋ& !X_cy` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`a_cy ]Ɋ& !X_cya F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`b_cy ]Ɋ& !X_cyb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**c_cy ]Ɋ& !_cyc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**d_cy ]Ɋ& !_cyd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bf21a69c-cb8b-4ef7-822c-c7185f0ae1a3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e8f720e-2e62-4f1c-9bca-d2392ed69251 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(eW/`cy ]Ɋ& !XW/`cye F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@fW/`cy ]Ɋ& !XW/`cyf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@gW/`cy ]Ɋ& !XW/`cyg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8hW/`cy ]Ɋ& !XW/`cyh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8iW/`cy ]Ɋ& !XW/`cyi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li8**8jW/`cy ]Ɋ& !XW/`cyj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**kW/`cy ]Ɋ& !W/`cyk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**l`cy ]Ɋ& !`cyl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24599a87-605f-4174-ae0e-335d3be5cd47 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3e0b1b59-85d5-4ade-8de6-7db03e38244f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**Xmacy ]Ɋ& !Xacym F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pnacy ]Ɋ& !Xacyn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**poacy ]Ɋ& !Xacyo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**hpacy ]Ɋ& !Xacyp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=Xacyq F&5f46487 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X%oz[FQrElfChnkqq+ :AX1Mu=VysMc&&**h qacy ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xacyq F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hracy ]Ɋ& !Xacyr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**sacy ]Ɋ&  !acys F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**tbcy ]Ɋ& !bcyt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=562be493-8607-46fa-bfbb-8b22d4edf38c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fa00d398-8547-4b98-ab2a-666a5f00d3d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**ubcy ]Ɋ& '!Xbcyu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**vbcy ]Ɋ& ?!Xbcyv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**wbcy ]Ɋ& ;!Xbcyw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2e1**xbcy ]Ɋ& 3!Xbcyx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ybcy ]Ɋ& 3!Xbcyy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=107**zbcy ]Ɋ& 5!Xbcyz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{bcy ]Ɋ& !bcy{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@|ccy ]Ɋ& !ccy| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7ba80a5-fbd0-4933-b010-7a4bb6288273 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ec5f0597-4c0d-437d-a2f6-7165bac45827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**}<{ ]Ɋ& )!X<{} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **~<{ ]Ɋ& A!X<{~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**<{ ]Ɋ& =!X<{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**<{ ]Ɋ& 5!X<{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**<{ ]Ɋ& 5!X<{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**<{ ]Ɋ& 7!X<{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0"{ ]Ɋ& !"{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@m{ ]Ɋ& !m{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4256d8d4-95c6-47b8-bef7-993554173894 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6cbcd272-dae0-4323-8211-8657a7d64fcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xm{ ]Ɋ& !Xm{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=UX**pm{ ]Ɋ& !Xm{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hm{ ]Ɋ& !Xm{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`m{ ]Ɋ& !Xm{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`m{ ]Ɋ& !Xm{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hm{ ]Ɋ& !Xm{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**m{ ]Ɋ&  !m{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**m{ ]Ɋ& !m{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5193b285-be47-43d7-b395-7c7d69b9deef HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=463385e6-ec78-43de-8315-dbeb7d5e0109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8O{ ]Ɋ& !XO{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO{ ]Ɋ& !XO{ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HO{ ]Ɋ& !XO{ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HO{ ]Ɋ& !XO{ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HO{ ]Ɋ& !XO{ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9267d6b3-488d-4c21-8222-c5ffe155d5cf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57754171-afb7-47e2-a3d2-b9f1c76552a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XO{ ]Ɋ& !XO{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pO{ ]Ɋ& !XO{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hO{ ]Ɋ& !XO{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`O{ ]Ɋ& !XO{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`O{ ]Ɋ& !XO{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`O{ ]Ɋ& !XO{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**O{ ]Ɋ& !O{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O{ ]Ɋ& !O{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c3d2df9c-221b-4e30-8423-71fc065a9e0c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bada0056-8e0b-4426-8032-6aa0b76a159e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(O{ ]Ɋ& !XO{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@O{ ]Ɋ& !XO{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@O{ ]Ɋ& !XO{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**8O{ ]Ɋ& !XO{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**8O{ ]Ɋ& !XO{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8O{ ]Ɋ& !XO{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  |7{ F&%oz[FQrElfChnkp1fMu=VysMc&&** |7{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!|7{ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6db620e-44f1-44aa-aa63-bd02de34c618 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f3d1c09-d455-4757-8ad4-bd1546995050 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xh { ]Ɋ& !Xh { F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**ph { ]Ɋ& !Xh { F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**ph { ]Ɋ& !Xh { F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**hh { ]Ɋ& !Xh { F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hh { ]Ɋ& !Xh { F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hh { ]Ɋ& !Xh { F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**h { ]Ɋ&  !h { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**h { ]Ɋ& !h { F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa67510-979d-4160-b372-5381769c91c4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22bbfb70-e5ea-4af7-b13e-dec7699678bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**@!{ ]Ɋ& '!X@!{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**@!{ ]Ɋ& ?!X@!{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**@!{ ]Ɋ& ;!X@!{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**@!{ ]Ɋ& 3!X@!{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**@!{ ]Ɋ& 3!X@!{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**@!{ ]Ɋ& 5!X@!{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0@!{ ]Ɋ& !@!{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@֙!{ ]Ɋ& !֙!{ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0a901b1-66a4-401d-8d5c-de503392c3b8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e3b70dab-3ba3-4064-afe4-d1afbfbff39d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**r~ ]Ɋ& )!Xr~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**r~ ]Ɋ& A!Xr~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**r~ ]Ɋ& =!Xr~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**r~ ]Ɋ& 5!Xr~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**r~ ]Ɋ& 5!Xr~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**r~ ]Ɋ& 7!Xr~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0r~ ]Ɋ& !r~ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@g~ ]Ɋ& !g~ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e72991db-8252-4c16-8367-d788d16522f4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd51c63c-27e9-4f82-9658-3b09921becf4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X~ ]Ɋ& !X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h~ ]Ɋ& !X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`~ ]Ɋ& !X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`~ ]Ɋ& !X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h~ ]Ɋ& !X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**~ ]Ɋ&  !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e74f6e10-75ea-4cf9-ac3b-8db039afe272 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8850e6f2-b65b-4eef-aa5c-b4cfd307d0b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8~ ]Ɋ& !X~ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P~ ]Ɋ& !X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P~ ]Ɋ& !X~ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H~ ]Ɋ& !X~ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H~ ]Ɋ& !X~ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H~ ]Ɋ& !X~ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**~ ]Ɋ& !~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=249b2bd1-e2ef-4c9e-b1f5-17b3ca7360f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d9f8b0c-eb43-42ff-97d3-f4e0f7fa2bb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5~ ]Ɋ& !X5~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p5~ ]Ɋ& !X5~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h5~ ]Ɋ& !X5~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`5~ ]Ɋ& !X5~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`5~ ]Ɋ& !X5~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`5~ ]Ɋ& !X5~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**5~ ]Ɋ& !5~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea2500d6-8458-41d8-8295-0312b95e428d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea24c072-0809-4da4-aa09-1b815ec1fa2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(5~ ]Ɋ& !X5~ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X5~ F&  |7{ F&%oz[FQrElfChnk0S8Mu=VysMc&&**H 5~ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X5~ F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@5~ ]Ɋ& !X5~ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**85~ ]Ɋ& !X5~ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**85~ ]Ɋ& !X5~ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**85~ ]Ɋ& !X5~ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**5~ ]Ɋ& !5~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0~ ]Ɋ& !0~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bf96b7e-b399-4963-8c47-96f0a8877cd6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d95920a-b37e-4aba-b16c-b8af37786c95 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**Xa~ ]Ɋ& !Xa~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pa~ ]Ɋ& !Xa~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pa~ ]Ɋ& !Xa~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2bbp**ha~ ]Ɋ& !Xa~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**ha~ ]Ɋ& !Xa~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@!h**ha~ ]Ɋ& !Xa~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**a~ ]Ɋ&  !a~ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f146b04f-7d17-4324-899e-f14530965a23 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6861ef94-8e27-46a8-b226-b83b8d6376ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f40**@&~ ]Ɋ& !&~ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b46361f8-bdce-4a30-a956-f433ef06ee0c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=58abac9f-f2bc-4a02-8f8a-2818f5367dc8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**B:u ]Ɋ& )!XB:u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**B:u ]Ɋ& A!XB:u F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**B:u ]Ɋ& =!XB:u F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**B:u ]Ɋ& 5!XB:u F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**B:u ]Ɋ& 5!XB:u F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**B:u ]Ɋ& 7!XB:u F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0B:u ]Ɋ& !B:u F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@u ]Ɋ& !u F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceafdb2d-0623-41d7-bf77-7c4ac6cced49 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=782425aa-f229-4080-8d10-f93f051c2162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xoku ]Ɋ& !Xoku F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hoku ]Ɋ& !Xoku F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`oku ]Ɋ& !Xoku F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`oku ]Ɋ& !Xoku F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hoku ]Ɋ& !Xoku F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**oku ]Ɋ&  !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8158c596-b203-4c72-9bb2-0a937f77a39d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=890496c7-a7d3-417d-b273-6b057d5dc388 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8oku ]Ɋ& !Xoku F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Poku ]Ɋ& !Xoku F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Poku ]Ɋ& !Xoku F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hoku ]Ɋ& !Xoku F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hoku ]Ɋ& !Xoku F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5H**oku ]Ɋ& !oku F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**oku ]Ɋ& !oku F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59b14967-42e8-4a76-b53d-3b49085a5318 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9521f75-78dd-4c8e-935f-fd1bd4fa1cda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = Xu F&  X5~ F&  |7{ F&%oz[FQrElfChnk77(xvޚMu=VysMc&&**pu ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xu F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**` u ]Ɋ& !Xu  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**` u ]Ɋ& !Xu  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`** u ]Ɋ& !u  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d** u ]Ɋ& !u  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5cf2169-a1f2-456a-aa59-593861857eb0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e43a475c-eddd-446c-8022-78f4f68cc9db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**( u ]Ɋ& !Xu  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@u ]Ɋ& !Xu F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@u ]Ɋ& !Xu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8u ]Ɋ& !Xu F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8u ]Ɋ& !Xu F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8u ]Ɋ& !Xu F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be6991cc-45ba-4f6f-9336-52626314a976 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=639f19df-9a31-4e65-a4fe-a6654135d4bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hu ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hu ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hu ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**u ]Ɋ&  !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a67169cd-0c8d-454e-9502-567d9a3eeeff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bd263ee7-bf8e-44d9-bfe6-c02fa2d95c2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**`fu ]Ɋ& '!X`fu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**`fu ]Ɋ& ?!X`fu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`fu ]Ɋ& ;!X`fu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6cc** `fu ]Ɋ& 3!X`fu  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**!`fu ]Ɋ& 3!X`fu! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ced**"`fu ]Ɋ& 5!X`fu" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#`fu ]Ɋ& !`fu# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@$u ]Ɋ& !u$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72680595-456a-4f7a-85ef-0d08bba66c66 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4aeb9371-0776-4670-acf2-e8f737762991 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**%ق ]Ɋ& )!Xق% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**&ق ]Ɋ& A!Xق& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **'ق ]Ɋ& =!Xق' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**(ق ]Ɋ& 5!Xق( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **)ق ]Ɋ& 5!Xق) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca***ق ]Ɋ& 7!Xق* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0+ق ]Ɋ& !ق+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@,93ق ]Ɋ& !93ق, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=954d3572-be1e-4ae6-ada7-a7c3d6a54a28 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0c99d47-a377-4e03-9e9b-a019a9127fbb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X-˱ق ]Ɋ& !X˱ق- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.˱ق ]Ɋ& !X˱ق. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h/˱ق ]Ɋ& !X˱ق/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`0˱ق ]Ɋ& !X˱ق0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`1˱ق ]Ɋ& !X˱ق1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h2˱ق ]Ɋ& !X˱ق2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**3˱ق ]Ɋ&  !˱ق3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**4˱ق ]Ɋ& !˱ق4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43ee84a7-0262-434b-b419-a20d8805d0c2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=847a8e4c-d0f2-4498-b96e-9156e342fd5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**85˱ق ]Ɋ& !X˱ق5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P6˱ق ]Ɋ& !X˱ق6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P7˱ق ]Ɋ& !X˱ق7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&%ozXElfChnk8h8h04~(<Mu=VysMc&&**H8˱ق ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X˱ق8 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H9˱ق ]Ɋ& !X˱ق9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H:˱ق ]Ɋ& !X˱ق: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**;˱ق ]Ɋ& !˱ق; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**<˱ق ]Ɋ& !˱ق< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=280e6e9b-f466-4c7a-a912-31a204f39ed5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=50eceb64-a581-44e4-aab6-28c3859bf034 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X=fdق ]Ɋ& !Xfdق= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p>fdق ]Ɋ& !Xfdق> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h?fdق ]Ɋ& !Xfdق? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`@fdق ]Ɋ& !Xfdق@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`Afdق ]Ɋ& !XfdقA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`Bfdق ]Ɋ& !XfdقB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Cfdق ]Ɋ& !fdقC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Dfdق ]Ɋ& !fdقD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f767b62b-f560-40a0-8494-81480935f976 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34ff1e85-f1f2-4258-8983-4b4a6eeb4ca7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(Eق ]Ɋ& !XقE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@Fق ]Ɋ& !XقF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@Gق ]Ɋ& !XقG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8Hق ]Ɋ& !XقH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8Iق ]Ɋ& !XقI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8Jق ]Ɋ& !XقJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Kق ]Ɋ& !قK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**Lق ]Ɋ& !قL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49638e3f-4331-4e2f-b2df-2cf2f57bbc49 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6729fee5-adb8-4092-84ad-f47c136bab90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XMW_ق ]Ɋ& !XW_قM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pNW_ق ]Ɋ& !XW_قN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pOW_ق ]Ɋ& !XW_قO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hPW_ق ]Ɋ& !XW_قP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hQW_ق ]Ɋ& !XW_قQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hRW_ق ]Ɋ& !XW_قR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**SW_ق ]Ɋ&  !W_قS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tق ]Ɋ& !قT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d109c34-df5c-433a-aa17-a9b6e7e65a4f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af9cfad4-1a1c-4bb4-bfe9-3d212b54bb13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**Uق ]Ɋ& '!XقU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**Vق ]Ɋ& ?!XقV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Wق ]Ɋ& ;!XقW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xق ]Ɋ& 3!XقX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**Yق ]Ɋ& 3!XقY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**Zق ]Ɋ& 5!XقZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0[ق ]Ɋ& !ق[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@\)ق ]Ɋ& !)ق\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=908ce75b-ed10-4517-99ec-645d702cee39 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9d5aba3-b304-4999-ae58-633a147623bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-a3@**]oh% ]Ɋ& )!Xoh%] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**^oh% ]Ɋ& A!Xoh%^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**_oh% ]Ɋ& =!Xoh%_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-0**`oh% ]Ɋ& 5!Xoh%` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**aoh% ]Ɋ& 5!Xoh%a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**boh% ]Ɋ& 7!Xoh%b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0coh% ]Ɋ& !oh%c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dWi% ]Ɋ& !Wi%d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a5a2eb93-e0c4-4298-b1cd-b51ceebc4605 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=520c83bb-90ff-4de3-91d1-95a9226bc5a4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XeWi% ]Ɋ& !XWi%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pfWi% ]Ɋ& !XWi%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hgWi% ]Ɋ& !XWi%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`hWi% ]Ɋ& !XWi%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnkiiĘ>tMu=VysMc&&**hiWi% ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XWi%i F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hjWi% ]Ɋ& !XWi%j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**kWi% ]Ɋ&  !Wi%k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**li% ]Ɋ& !i%l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=357ca870-658c-492d-a4c9-71c78f9c46d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8mi% ]Ɋ& !Xi%m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pni% ]Ɋ& !Xi%n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Poi% ]Ɋ& !Xi%o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hpi% ]Ɋ& !Xi%p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hqi% ]Ɋ& !Xi%q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=AH**Hri% ]Ɋ& !Xi%r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**si% ]Ɋ& !i%s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ti% ]Ɋ& !i%t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75de8073-9a62-4071-a96c-4728168ce4e8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77dc070a-0819-4614-99fe-104ea772dce6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xui% ]Ɋ& !Xi%u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pvi% ]Ɋ& !Xi%v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**hwi% ]Ɋ& !Xi%w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`xi% ]Ɋ& !Xi%x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`yi% ]Ɋ& !Xi%y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`zi% ]Ɋ& !Xi%z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**{i% ]Ɋ& !i%{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|9j% ]Ɋ& !9j%| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2eb3a6-8c2a-4266-af8b-d33c78b92487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95e8afa7-83fa-49dc-8e69-dee88c080c06 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(}9j% ]Ɋ& !X9j%} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@~9j% ]Ɋ& !X9j%~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@9j% ]Ɋ& !X9j% F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**89j% ]Ɋ& !X9j% F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**89j% ]Ɋ& !X9j% F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c-8**89j% ]Ɋ& !X9j% F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**9j% ]Ɋ& !9j% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**j% ]Ɋ& !j% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8eac1f7-c692-4d56-9a25-00f260e4dbba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=cfbdb337-2b38-41a1-a27a-56679f2ea298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**XGl% ]Ɋ& !XGl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pGl% ]Ɋ& !XGl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**pGl% ]Ɋ& !XGl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**hGl% ]Ɋ& !XGl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**hGl% ]Ɋ& !XGl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**hGl% ]Ɋ& !XGl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Gl% ]Ɋ&  !Gl% F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**ޛl% ]Ɋ& !ޛl% F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e62a48ac-64c8-42be-8a22-7b7944e8126e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1c83e70-a1b1-4a8d-b8a2-6a1886abd18f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**ޛl% ]Ɋ& '!Xޛl% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ޛl% ]Ɋ& ?!Xޛl% F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**ޛl% ]Ɋ& ;!Xޛl% F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**ޛl% ]Ɋ& 3!Xޛl% F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ޛl% ]Ɋ& 3!Xޛl% F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**ޛl% ]Ɋ& 5!Xޛl% F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0ޛl% ]Ɋ& !ޛl% F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@t4m% ]Ɋ& !t4m% F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9764f5b6-6676-46b7-9831-259e6ba3c2d3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=00aa96a2-40d7-4905-aa50-c09dc41be45c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**XeWi% ]Ɋ& !XWi%e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**pfWi% ]Ɋ& !XWi%f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hgWi% ]Ɋ& !XWi%g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`hWi% ]Ɋ& !XWi%h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2c3e818-a693-4045-a30d-bc28bab25de9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& XWi%i F&XElfChnk0`0`0g?yMu=VysMc&&**H0є ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xє0 F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1cd113f9-7485-4167-a20b-b3228ae83c15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H1є ]Ɋ& !Xє1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1cd113f9-7485-4167-a20b-b3228ae83c15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H2є ]Ɋ& !Xє2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1cd113f9-7485-4167-a20b-b3228ae83c15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**3є ]Ɋ& !є3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1cd113f9-7485-4167-a20b-b3228ae83c15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c935d06-e8c9-45e5-b7bf-c6e76cdc8db6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**4-j ]Ɋ& !-j4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1cd113f9-7485-4167-a20b-b3228ae83c15 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c935d06-e8c9-45e5-b7bf-c6e76cdc8db6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X5-j ]Ɋ& !X-j5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p6-j ]Ɋ& !X-j6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h7-j ]Ɋ& !X-j7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`8-j ]Ɋ& !X-j8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`9-j ]Ɋ& !X-j9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`:-j ]Ɋ& !X-j: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;-j ]Ɋ& !-j; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a4b5a10-e4b7-4fb5-ba62-dc89bafa5134 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d5a70e9-6e37-47a9-b431-a3b25fd1fb18 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a4b5a10-e4b7-4fb5-ba62-dc89bafa5134 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(= ]Ɋ& !X= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@> ]Ɋ& !X> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@? ]Ɋ& !X? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8@ ]Ɋ& !X@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8A ]Ɋ& !XA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8B ]Ɋ& !XB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ca43823d-2810-43d5-afb2-47bf123ed39b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**D3 ]Ɋ& !3D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d26e9b41-2e5a-4c55-80e9-c8661ca6149b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ca43823d-2810-43d5-afb2-47bf123ed39b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**XEe ]Ɋ& !XeE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFe ]Ɋ& !XeF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pGe ]Ɋ& !XeG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**hHe ]Ɋ& !XeH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**hIe ]Ɋ& !XeI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hJe ]Ɋ& !XeJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**Ke ]Ɋ&  !eK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb63185f-49e3-4bac-87a3-b2c48e0ffa6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06fdf857-1511-4e27-a4ea-a61c02c6f658 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb63185f-49e3-4bac-87a3-b2c48e0ffa6a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**MK ]Ɋ& '!XKM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**NK ]Ɋ& ?!XKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **OK ]Ɋ& ;!XKO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**PK ]Ɋ& 3!XKP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**QK ]Ɋ& 3!XKQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**RK ]Ɋ& 5!XKR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0SK ]Ɋ& !KS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3ad9a8c1-1455-4842-b5d0-bcaf95ad6788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@Txǚ ]Ɋ& !xǚT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=51cce909-ac92-4fba-990f-e0dc86cbccdb HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3ad9a8c1-1455-4842-b5d0-bcaf95ad6788 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2-c4@**U{ ]Ɋ& )!X{U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**V{ ]Ɋ& A!X{V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**W{ ]Ɋ& =!X{W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-3**X{ ]Ɋ& 5!X{X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**Y{ ]Ɋ& 5!X{Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**Z{ ]Ɋ& 7!X{Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0[C ]Ɋ& !C[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=516a6c18-c864-454c-a0a4-c68fbd3fbd15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\pE ]Ɋ& !pE\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6149a601-b594-459e-a91a-dd263532381a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=516a6c18-c864-454c-a0a4-c68fbd3fbd15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**X] ]Ɋ& !X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**p^ ]Ɋ& !X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**h_ ]Ɋ& !X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`` ]Ɋ& !X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnkaamd`׎Mu=VysMc&&**ha ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xa F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hb ]Ɋ& !Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbdd4200-fef1-4bf4-b7a9-379f851a04a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df4f83cd-f934-4cd1-b5e9-7d0acd7cbee1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbdd4200-fef1-4bf4-b7a9-379f851a04a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8ev ]Ɋ& !Xve F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pfv ]Ɋ& !Xvf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pgv ]Ɋ& !Xvg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hhv ]Ɋ& !Xvh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**Hiv ]Ɋ& !Xvi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9H**Hjv ]Ɋ& !Xvj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**kv ]Ɋ& !vk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e6ba5ef-ea07-485b-abe0-4875c568d6b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lv ]Ɋ& !vl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c04a75b0-5e4c-43cf-b70a-ef1e9dfcbc08 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e6ba5ef-ea07-485b-abe0-4875c568d6b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xm3 ]Ɋ& !X3m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**pn3 ]Ɋ& !X3n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**ho3 ]Ɋ& !X3o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`p3 ]Ɋ& !X3p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`q3 ]Ɋ& !X3q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`r3 ]Ɋ& !X3r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**s3 ]Ɋ& !3s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=141895d1-60e5-4ed1-ad18-ef23b8853486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t3 ]Ɋ& !3t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0e5ed60-c7ee-4a1b-9d9e-41169807811d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=141895d1-60e5-4ed1-ad18-ef23b8853486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(u3 ]Ɋ& !X3u F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@v3 ]Ɋ& !X3v F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@w3 ]Ɋ& !X3w F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8x3 ]Ɋ& !X3x F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8y3 ]Ɋ& !X3y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=11-8**8z3 ]Ɋ& !X3z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**{3 ]Ɋ& !3{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1ed75352-26ac-4e71-a87c-806d3b46e36f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**|`@ ]Ɋ& !`@| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=63940c86-af1a-4417-85c5-9c445a519459 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1ed75352-26ac-4e71-a87c-806d3b46e36f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X}q ]Ɋ& !Xq} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p~q ]Ɋ& !Xq~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**pq ]Ɋ& !Xq F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**hq ]Ɋ& !Xq F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**hq ]Ɋ& !Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**hq ]Ɋ& !Xq F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**q ]Ɋ&  !q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd7e2155-1efc-4bcd-aa96-b6410732cc27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24b314e0-5cdb-4687-ac99-17a5140b2a2a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd7e2155-1efc-4bcd-aa96-b6410732cc27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0d317b38-362d-4124-ad55-b0ad0b54c2dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e04cadd0-50c1-441c-9140-98418f2805b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0d317b38-362d-4124-ad55-b0ad0b54c2dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**Q ]Ɋ& )!XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**Q ]Ɋ& A!XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**Q ]Ɋ& =!XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**Q ]Ɋ& 5!XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXQ F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnkpE6wMu=VysMc&&**Q ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XQ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **Q ]Ɋ& 7!XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0Q ]Ɋ& !Q F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72b39adb-4372-4fea-b1fb-92995cddd3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@eQ ]Ɋ& !eQ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc61c6c6-6b5f-4c43-98bc-644cfc242be5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=72b39adb-4372-4fea-b1fb-92995cddd3b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XeQ ]Ɋ& !XeQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**peQ ]Ɋ& !XeQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**heQ ]Ɋ& !XeQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`eQ ]Ɋ& !XeQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`eQ ]Ɋ& !XeQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**heQ ]Ɋ& !XeQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**eQ ]Ɋ&  !eQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fd9c08b-fa9f-4bf0-9361-18f9dcc4b4cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **eQ ]Ɋ& !eQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=173dd674-dced-44dd-bdaa-1dcd15283af3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fd9c08b-fa9f-4bf0-9361-18f9dcc4b4cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8tQ ]Ɋ& !XtQ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**PtQ ]Ɋ& !XtQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**PtQ ]Ɋ& !XtQ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**HtQ ]Ɋ& !XtQ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HtQ ]Ɋ& !XtQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HtQ ]Ɋ& !XtQ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**tQ ]Ɋ& !tQ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95fdef63-96de-4b8f-93c1-d9ba1cda323c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**tQ ]Ɋ& !tQ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ddd2ae3-fac2-4ff3-957f-cce881a3dfcf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=95fdef63-96de-4b8f-93c1-d9ba1cda323c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X Q ]Ɋ& !X Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p Q ]Ɋ& !X Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h Q ]Ɋ& !X Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**` Q ]Ɋ& !X Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**` Q ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**` Q ]Ɋ& !X Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`** Q ]Ɋ& ! Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=497ffa8a-f0de-442a-82d2-bf8594e42914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T** Q ]Ɋ& ! Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7495332-5323-41a8-8612-ccff1ec8487c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=497ffa8a-f0de-442a-82d2-bf8594e42914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**()Q ]Ɋ& !X)Q F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7(**@)Q ]Ɋ& !X)Q F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@)Q ]Ɋ& !X)Q F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=~@**8)Q ]Ɋ& !X)Q F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8)Q ]Ɋ& !X)Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8)Q ]Ɋ& !X)Q F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**)Q ]Ɋ& !)Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9ef3e5b-e6d5-40c0-a6f5-902887cd3daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**>Q ]Ɋ& !>Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a0d1ca40-0441-4c20-a923-23a3e168e888 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9ef3e5b-e6d5-40c0-a6f5-902887cd3daa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XQ ]Ɋ& !XQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pQ ]Ɋ& !XQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pQ ]Ɋ& !XQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hQ ]Ɋ& !XQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hQ ]Ɋ& !XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=18fh**hQ ]Ɋ& !XQ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**Q ]Ɋ&  !Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dc969c47-9608-447b-967e-69cf61a2da1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**9Q ]Ɋ& !9Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2d6b0f3-0f49-4f95-bd1a-d696c1986aed HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dc969c47-9608-447b-967e-69cf61a2da1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**FQ ]Ɋ& '!XFQ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**FQ ]Ɋ& ?!XFQ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**FQ ]Ɋ& ;!XFQ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **FQ ]Ɋ& 3!XFQ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**FQ ]Ɋ& 3!XFQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XFQ¶ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnk¶¶p({y{Mu=VysMc&&** ¶FQ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XFQ¶ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4c4 **0öFQ ]Ɋ& !FQö F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d1281a39-357a-4f7f-864e-783d57da163e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ĶjQ ]Ɋ& !jQĶ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca0f7f99-03c1-4498-8429-703cdd22636a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d1281a39-357a-4f7f-864e-783d57da163e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**ŶU ]Ɋ& )!XUŶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**ƶU ]Ɋ& A!XUƶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **ǶU ]Ɋ& =!XUǶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ȶU ]Ɋ& 5!XUȶ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ɶU ]Ɋ& 5!XUɶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **ʶU ]Ɋ& 7!XUʶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0˶U ]Ɋ& !U˶ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13fbcaad-7196-43ce-9534-d21a89dd6c4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@̶u ]Ɋ& !u̶ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24539b2d-e972-415d-9bf5-e7d1e30a3802 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13fbcaad-7196-43ce-9534-d21a89dd6c4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XͶu ]Ɋ& !XuͶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pζu ]Ɋ& !Xuζ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h϶u ]Ɋ& !Xu϶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`жu ]Ɋ& !Xuж F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`Ѷu ]Ɋ& !XuѶ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hҶu ]Ɋ& !XuҶ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**Ӷu ]Ɋ&  !uӶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8da43273-ec0e-4e92-a997-4c8fe8d25361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Զ  ]Ɋ& ! Զ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3266a837-167e-4f2a-84ae-c7949b7e3856 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8da43273-ec0e-4e92-a997-4c8fe8d25361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8ն  ]Ɋ& !X ն F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pֶ  ]Ɋ& !X ֶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P׶  ]Ɋ& !X ׶ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hض  ]Ɋ& !X ض F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hٶ  ]Ɋ& !X ٶ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**Hڶ  ]Ɋ& !X ڶ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**۶  ]Ɋ& ! ۶ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9250d809-a0f9-47db-a156-eeeeb7e0e6fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**ܶ  ]Ɋ& ! ܶ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=905ea60a-0a84-43e5-a70f-6f2b7f904322 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9250d809-a0f9-47db-a156-eeeeb7e0e6fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XݶF ]Ɋ& !XFݶ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p޶F ]Ɋ& !XF޶ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h߶F ]Ɋ& !XF߶ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`F ]Ɋ& !XF F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`F ]Ɋ& !XF F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`F ]Ɋ& !XF F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**F ]Ɋ& !F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24a056bb-6d1c-450f-bf1f-dc109236d606 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**F ]Ɋ& !F F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c05bb381-e9e0-4d8d-9825-a05148f29545 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24a056bb-6d1c-450f-bf1f-dc109236d606 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(F ]Ɋ& !XF F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@F ]Ɋ& !XF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6@**@F ]Ɋ& !XF F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8F ]Ɋ& !XF F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8F ]Ɋ& !XF F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8F ]Ɋ& !XF F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**F ]Ɋ& !F F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8102f3e1-bbb5-40d9-ba5b-3322f7aa3491 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**s  ]Ɋ& !s  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd15af0e-1c1a-45d8-9b08-45ec08c41961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8102f3e1-bbb5-40d9-ba5b-3322f7aa3491 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**" ]Ɋ&  !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=684e916b-cafa-4ac3-a9e6-098800e2af09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu6" F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XFQ¶ F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnk&&xDMu=VysMc&&** 6" ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !6" F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e123f2c7-9802-46d0-bc6d-82b45ea83d43 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=684e916b-cafa-4ac3-a9e6-098800e2af09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **9# ]Ɋ& '!X9# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9# ]Ɋ& ?!X9# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9# ]Ɋ& ;!X9# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**9# ]Ɋ& 3!X9# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9# ]Ɋ& 3!X9# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**9# ]Ɋ& 5!X9# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**09# ]Ɋ& !9# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32c2e0c5-e3fb-4e92-b286-c39ef0818197 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@j$ ]Ɋ& !j$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef2a5f37-b03d-4dda-84df-654247663067 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32c2e0c5-e3fb-4e92-b286-c39ef0818197 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l ** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==3** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0s ]Ɋ& !s F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88e5b9f7-7f72-4b01-9dc1-b8659f5438f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@< ]Ɋ& !< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee25feda-bf84-46ab-a42d-7a0ef7b96f83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88e5b9f7-7f72-4b01-9dc1-b8659f5438f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822a2f25-cd51-4fcc-a94d-e3001a7fee09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped ** = ]Ɋ& !=  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=908ba963-6ba5-44b2-bfa6-5a0912ba21ee HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822a2f25-cd51-4fcc-a94d-e3001a7fee09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8 7 ]Ɋ& !X7  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P7 ]Ɋ& !X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P7 ]Ɋ& !X7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H7 ]Ɋ& !X7 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**H7 ]Ɋ& !X7 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H7 ]Ɋ& !X7 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee2816dc-7458-4b65-9685-86dd21e1b25e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**7 ]Ɋ& !7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a1cef6b-e151-4030-9dce-b6ef4c5cd4d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee2816dc-7458-4b65-9685-86dd21e1b25e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X7 ]Ɋ& !X7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p7 ]Ɋ& !X7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h7 ]Ɋ& !X7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`7 ]Ɋ& !X7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`7 ]Ɋ& !X7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`7 ]Ɋ& !X7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**7 ]Ɋ& !7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06f53770-6631-422d-8f57-86889f84108a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j ]Ɋ& !j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=810e3461-3dc9-44f4-a0c9-c0cd0d51b68e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06f53770-6631-422d-8f57-86889f84108a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(j ]Ɋ& !Xj F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@j ]Ɋ& !Xj F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@j ]Ɋ& !Xj F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8 j ]Ɋ& !Xj  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8!j ]Ɋ& !Xj! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8"j ]Ɋ& !Xj" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**#j ]Ɋ& !j# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b796461c-2136-48c0-9dc4-e44d92783137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2bf4dc46-45c4-4f9f-a08f-318148a32e09 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b796461c-2136-48c0-9dc4-e44d92783137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**X%2 ]Ɋ& !X2% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p&2 ]Ɋ& !X2& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2' F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnk'X'XgMu=VysMc&&**p '2 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X2' F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **h(2 ]Ɋ& !X2( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h)2 ]Ɋ& !X2) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h*2 ]Ɋ& !X2* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**+2 ]Ɋ&  !2+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acf4cd1e-cdb2-408b-92f1-85a97f72242f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47**,c ]Ɋ& !c, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=208c5644-4728-4406-985c-fa1adb649511 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acf4cd1e-cdb2-408b-92f1-85a97f72242f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**-c ]Ɋ& '!Xc- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**.c ]Ɋ& ?!Xc. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**/c ]Ɋ& ;!Xc/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**0c ]Ɋ& 3!Xc0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**1c ]Ɋ& 3!Xc1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **2c ]Ɋ& 5!Xc2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03c ]Ɋ& !c3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0a70edbf-ef30-4991-9c73-06db094a6199 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@4 ]Ɋ& !4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0496a2dc-76f3-4fcc-bfe3-db7ca0c8c6ca HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0a70edbf-ef30-4991-9c73-06db094a6199 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**5dZ'e ]Ɋ& )!XdZ'e5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6dZ'e ]Ɋ& A!XdZ'e6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **7dZ'e ]Ɋ& =!XdZ'e7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**8dZ'e ]Ɋ& 5!XdZ'e8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**9dZ'e ]Ɋ& 5!XdZ'e9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **:dZ'e ]Ɋ& 7!XdZ'e: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0;'e ]Ɋ& !'e; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d4bcb74-0c76-4944-8edf-6919e29a0bf1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@<($)e ]Ɋ& !($)e< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c0e97004-1ac6-471c-8f91-e254f681ce6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d4bcb74-0c76-4944-8edf-6919e29a0bf1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**X=($)e ]Ɋ& !X($)e= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**p>($)e ]Ɋ& !X($)e> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**h?($)e ]Ɋ& !X($)e? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`@($)e ]Ɋ& !X($)e@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`A($)e ]Ɋ& !X($)eA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hB($)e ]Ɋ& !X($)eB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**C)e ]Ɋ&  !)eC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39453767-8b2f-4c57-be5d-9e09fc1bf88a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ef6b**D)e ]Ɋ& !)eD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f14b876-a9ec-4195-ace4-c5b366acf50c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39453767-8b2f-4c57-be5d-9e09fc1bf88a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dc**8E)e ]Ɋ& !X)eE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**PF)e ]Ɋ& !X)eF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**PG)e ]Ɋ& !X)eG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**HH)e ]Ɋ& !X)eH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**HI)e ]Ɋ& !X)eI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**HJ)e ]Ɋ& !X)eJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**K)e ]Ɋ& !)eK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f9eab3e-f6a6-4815-b681-3e10f399522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**LUU*e ]Ɋ& !UU*eL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c050df66-9664-4e28-bf0e-62ae9eeedc1c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7f9eab3e-f6a6-4815-b681-3e10f399522c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XMUU*e ]Ɋ& !XUU*eM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**pNUU*e ]Ɋ& !XUU*eN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hOUU*e ]Ɋ& !XUU*eO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`PUU*e ]Ɋ& !XUU*eP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`QUU*e ]Ɋ& !XUU*eQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`RUU*e ]Ɋ& !XUU*eR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**SUU*e ]Ɋ& !UU*eS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7caa7e6-e42d-46b7-9256-f49f4d19103b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**T*e ]Ɋ& !*eT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5770de9e-3d31-43be-9c92-8d0ee7dd6326 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7caa7e6-e42d-46b7-9256-f49f4d19103b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(U*e ]Ɋ& !X*eU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@V*e ]Ɋ& !X*eV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@W*e ]Ɋ& !X*eW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8X*e ]Ɋ& !X*eX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX*eY F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX2' F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xa F&XElfChnkYY֝cMu=VysMc&&**8 Y*e ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X*eY F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8Z*e ]Ɋ& !X*eZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**[*e ]Ɋ& !*e[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d500cd1-1c91-4d64-b2dd-0f83c4303c1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**\,e ]Ɋ& !,e\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2ac0e6f-0aff-4e7e-8273-f990bc958a2f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d500cd1-1c91-4d64-b2dd-0f83c4303c1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X]EP-e ]Ɋ& !XEP-e] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p^EP-e ]Ɋ& !XEP-e^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6p**p_EP-e ]Ɋ& !XEP-e_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h`EP-e ]Ɋ& !XEP-e` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**haEP-e ]Ɋ& !XEP-ea F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hbEP-e ]Ɋ& !XEP-eb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**cEP-e ]Ɋ&  !EP-ec F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8123fe4-5522-48dd-b5d0-a6680c8ec3b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**dr.e ]Ɋ& !r.ed F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c229a61-fd85-43f4-ae52-68d38765b133 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8123fe4-5522-48dd-b5d0-a6680c8ec3b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**er.e ]Ɋ& '!Xr.ee F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**fr.e ]Ɋ& ?!Xr.ef F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**gr.e ]Ɋ& ;!Xr.eg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**hr.e ]Ɋ& 3!Xr.eh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**ir.e ]Ɋ& 3!Xr.ei F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**jr.e ]Ɋ& 5!Xr.ej F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0kr.e ]Ɋ& !r.ek F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7dbfc64b-3938-442c-b6c9-9dd22b8363aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@l/e ]Ɋ& !/el F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ddc720b-6420-4e18-af42-835191556503 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7dbfc64b-3938-442c-b6c9-9dd22b8363aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**m  ]Ɋ& )!X m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce4-**n  ]Ɋ& A!X n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**o  ]Ɋ& =!X o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **p  ]Ɋ& 5!X p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**q  ]Ɋ& 5!X q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=($)**r  ]Ɋ& 7!X r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0s  ]Ɋ& ! s F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12539b1f-1147-4e33-820e-56945f2cad84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70**@t ]Ɋ& !t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c85057e-1264-42f1-ad79-7913f93f04d8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12539b1f-1147-4e33-820e-56945f2cad84 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**hw ]Ɋ& !Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`x ]Ɋ& !Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hz ]Ɋ& !Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**{ ]Ɋ&  !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a742ef3e-322e-4066-bfcf-ebf2ded36cec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e701a5da-ed06-47df-8553-19f9e3b4fcbf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a742ef3e-322e-4066-bfcf-ebf2ded36cec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8}ho ]Ɋ& !Xho} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P~ho ]Ɋ& !Xho~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**Pho ]Ɋ& !Xho F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**Hho ]Ɋ& !Xho F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**Hho ]Ɋ& !Xho F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**Hho ]Ɋ& !Xho F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**ho ]Ɋ& !ho F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8de4c8e7-7d72-465d-bc37-67a0b70e4742 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**ho ]Ɋ& !ho F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17c76407-50a6-417d-a3c9-e600271f5346 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8de4c8e7-7d72-465d-bc37-67a0b70e4742 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk`t:y)Mu=VysMc&&** ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ! F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f653a3e-88ac-40c9-91ac-b57a7956abb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f87b022-8fed-444a-87ab-41973d25c6b5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f653a3e-88ac-40c9-91ac-b57a7956abb6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d1e28f82-f796-4683-a9ce-4674e6216580 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**+9 ]Ɋ& !+9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0718ee1-1930-467b-9a21-9531b4a11eec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d1e28f82-f796-4683-a9ce-4674e6216580 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d75306d-285b-484b-a202-cc9cde3e7a91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4a1cc4f-3c99-49cc-905b-57b5215f1db3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d75306d-285b-484b-a202-cc9cde3e7a91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**4 ]Ɋ& '!X4 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**4 ]Ɋ& ?!X4 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4 ]Ɋ& ;!X4 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4 ]Ɋ& 3!X4 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**4 ]Ɋ& 3!X4 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4 ]Ɋ& 5!X4 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**04 ]Ɋ& !4 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dfa38878-20a4-40e0-9550-61c1b1c53a93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@Ie ]Ɋ& !Ie F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4ee6fa3-6837-4549-847b-e78456dfa6a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dfa38878-20a4-40e0-9550-61c1b1c53a93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**!+ ]Ɋ& )!X!+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**!+ ]Ɋ& A!X!+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-47**!+ ]Ɋ& =!X!+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **!+ ]Ɋ& 5!X!+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**!+ ]Ɋ& 5!X!+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!+ ]Ɋ& 7!X!+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0!+ ]Ɋ& !!+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0456bf8e-1a9c-4db9-8123-dddd79878032 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@R#+ ]Ɋ& !R#+ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ae7f008-afc6-4b81-9782-029f80c8c29b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0456bf8e-1a9c-4db9-8123-dddd79878032 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XR#+ ]Ɋ& !XR#+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pR#+ ]Ɋ& !XR#+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hR#+ ]Ɋ& !XR#+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`R#+ ]Ɋ& !XR#+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`R#+ ]Ɋ& !XR#+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hR#+ ]Ɋ& !XR#+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**R#+ ]Ɋ&  !R#+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=642e33c6-b324-449c-b320-01ad31a121a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**^$+ ]Ɋ& !^$+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5a6e7f8-f932-42ff-a50d-50b128d5210a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=642e33c6-b324-449c-b320-01ad31a121a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8^$+ ]Ɋ& !X^$+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**P^$+ ]Ɋ& !X^$+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P^$+ ]Ɋ& !X^$+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**H^$+ ]Ɋ& !X^$+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H^$+ ]Ɋ& !X^$+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H^$+ ]Ɋ& !X^$+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**^$+ ]Ɋ& !^$+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=845fb579-db69-4aaf-87da-fef2516a1166 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= Comm^$+ElfChnkHtfbbRMu=VysMc&&**^$+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !^$+ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0225a3a-e5e0-4238-a0d8-f89773bea049 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=845fb579-db69-4aaf-87da-fef2516a1166 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X$+ ]Ɋ& !X$+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p$+ ]Ɋ& !X$+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h$+ ]Ɋ& !X$+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`$+ ]Ɋ& !X$+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`$+ ]Ɋ& !X$+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`·$+ ]Ɋ& !X$+· F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**÷$+ ]Ɋ& !$+÷ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e491ba01-e65d-4bd3-b09f-7d508ed11b30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=а**ķ$+ ]Ɋ& !$+ķ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cad2537c-c751-4310-9b13-a9a3f349a86b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e491ba01-e65d-4bd3-b09f-7d508ed11b30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(ŷ%+ ]Ɋ& !X%+ŷ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@Ʒ%+ ]Ɋ& !X%+Ʒ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@Ƿ%+ ]Ɋ& !X%+Ƿ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8ȷ%+ ]Ɋ& !X%+ȷ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8ɷ%+ ]Ɋ& !X%+ɷ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8ʷ%+ ]Ɋ& !X%+ʷ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**˷%+ ]Ɋ& !%+˷ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad6d39a8-2bb9-4fbe-885e-2acdccfa6a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **̷(&+ ]Ɋ& !(&+̷ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c4e1451-9f64-4c55-bb33-98354200c2cc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad6d39a8-2bb9-4fbe-885e-2acdccfa6a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xͷo'+ ]Ɋ& !Xo'+ͷ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pηo'+ ]Ɋ& !Xo'+η F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pϷo'+ ]Ɋ& !Xo'+Ϸ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hзo'+ ]Ɋ& !Xo'+з F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hѷo'+ ]Ɋ& !Xo'+ѷ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hҷo'+ ]Ɋ& !Xo'+ҷ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**ӷo'+ ]Ɋ&  !o'+ӷ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2da70b1b-6d17-45c6-9283-2184a45eb163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Է#)+ ]Ɋ& !#)+Է F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c5210b6-6267-4a97-9bd6-13111b52b78c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2da70b1b-6d17-45c6-9283-2184a45eb163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**շ#)+ ]Ɋ& '!X#)+շ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ַ#)+ ]Ɋ& ?!X#)+ַ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**׷#)+ ]Ɋ& ;!X#)+׷ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**ط#)+ ]Ɋ& 3!X#)+ط F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **ٷ#)+ ]Ɋ& 3!X#)+ٷ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**ڷ#)+ ]Ɋ& 5!X#)+ڷ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0۷#)+ ]Ɋ& !#)+۷ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3269b0b1-cdb4-45ff-9bed-fc1c234dc387 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@ܷT*+ ]Ɋ& !T*+ܷ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1bbda33a-36d6-4be5-bda2-efac1a556725 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3269b0b1-cdb4-45ff-9bed-fc1c234dc387 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-ddd@**ݷ+w ]Ɋ& )!X+wݷ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**޷+w ]Ɋ& A!X+w޷ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**߷+w ]Ɋ& =!X+w߷ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50**+w ]Ɋ& 5!X+w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**+w ]Ɋ& 5!X+w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**+w ]Ɋ& 7!X+w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**0§w ]Ɋ& !§w F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffeed079-a66f-4c49-a89f-6539ae3f7304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@w ]Ɋ& !w F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1b8b108-00be-46c1-b029-39b52c822955 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffeed079-a66f-4c49-a89f-6539ae3f7304 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xqw ]Ɋ& !Xqw F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pqw ]Ɋ& !Xqw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hqw ]Ɋ& !Xqw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`qw ]Ɋ& !Xqw F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`qw ]Ɋ& !Xqw F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hqw ]Ɋ& !Xqw F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**qw ]Ɋ&  !qw F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=594649a5-58e9-432a-a86b-551fc5db5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!^$+ ]Ɋ& atqw F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=594649a5-58e9-432a-a86b-551fc5db5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@FcRoMu=VysMc&&**qw ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !qw F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c04c1b76-3747-431d-9a78-a65e6c7dc550 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=594649a5-58e9-432a-a86b-551fc5db5f89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8qw ]Ɋ& !Xqw F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**Pqw ]Ɋ& !Xqw F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pqw ]Ɋ& !Xqw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**Hqw ]Ɋ& !Xqw F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**Hqw ]Ɋ& !Xqw F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**Hqw ]Ɋ& !Xqw F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**qw ]Ɋ& !qw F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d16ad5b-13dc-49fe-80bf-aa4cb205b8b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** w ]Ɋ& ! w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=765cf3c4-8a90-4b40-bc7d-9da8cb0990d8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0d16ad5b-13dc-49fe-80bf-aa4cb205b8b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X w ]Ɋ& !X w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**p w ]Ɋ& !X w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**h w ]Ɋ& !X w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b3h**` w ]Ɋ& !X w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**` w ]Ɋ& !X w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` w ]Ɋ& !X w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `** w ]Ɋ& ! w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7a52ece-b307-4e36-a993-4401c8cffd9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**w ]Ɋ& !w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=601cc353-3054-4342-8b98-c2d097c3e690 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a7a52ece-b307-4e36-a993-4401c8cffd9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(w ]Ɋ& !Xw F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@w ]Ɋ& !Xw F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@w ]Ɋ& !Xw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8w ]Ɋ& !Xw F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8w ]Ɋ& !Xw F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8w ]Ɋ& !Xw F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**w ]Ɋ& !w F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d80fb9a8-3973-4ed8-9254-5eaf15ce0979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**w ]Ɋ& !w F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceabd5b9-ac9b-4d81-9793-7225ae974e20 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d80fb9a8-3973-4ed8-9254-5eaf15ce0979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X w ]Ɋ& !X w F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p w ]Ɋ& !X w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p w ]Ɋ& !X w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h w ]Ɋ& !X w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h w ]Ɋ& !X w  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h w ]Ɋ& !X w  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h** w ]Ɋ&  ! w  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b635c052-5f26-4719-a789-597ae5cd3c73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta** 96w ]Ɋ& !96w  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7efa0b26-8b1d-41c8-b4c6-57a47a940e4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b635c052-5f26-4719-a789-597ae5cd3c73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma** 96w ]Ɋ& '!X96w  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**96w ]Ɋ& ?!X96w F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**96w ]Ɋ& ;!X96w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **96w ]Ɋ& 3!X96w F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**96w ]Ɋ& 3!X96w F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**96w ]Ɋ& 5!X96w F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **096w ]Ɋ& !96w F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=233e5a14-c67d-4a03-83e8-1aa02f1505fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@fgw ]Ɋ& !fgw F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=162f523a-1988-4055-8043-5bf367505717 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=233e5a14-c67d-4a03-83e8-1aa02f1505fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**UXN ]Ɋ& )!XUXN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**UXN ]Ɋ& A!XUXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**UXN ]Ɋ& =!XUXN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**UXN ]Ɋ& 5!XUXN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**UXN ]Ɋ& 5!XUXN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**UXN ]Ɋ& 7!XUXN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0N ]Ɋ& !N F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d751b11-ead9-4a00-bedb-f861dbe3dae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@"P ]Ɋ& !"P F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fba2f8e3-cd57-40d3-b9c8-63ae7055b994 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d751b11-ead9-4a00-bedb-f861dbe3dae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fc5@5f89 Pipel ]Ɋ& meXP F&e=ElfChnkLLHMu=VysMc&&**XP ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XP F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pP ]Ɋ& !XP F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hP ]Ɋ& !XP F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**` P ]Ɋ& !XP  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`!P ]Ɋ& !XP! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"P ]Ɋ& !XP" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**#P ]Ɋ&  !P# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=743b4d5f-514f-496a-8cc1-c4c2eafe66b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**$P ]Ɋ& !P$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0563dd7-3bbc-4d99-bbe0-414767b4b2e3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=743b4d5f-514f-496a-8cc1-c4c2eafe66b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8%P ]Ɋ& !XP% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&P ]Ɋ& !XP& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'P ]Ɋ& !XP' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H(P ]Ɋ& !XP( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H)P ]Ɋ& !XP) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H*P ]Ɋ& !XP* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**+P ]Ɋ& !P+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e570ce53-27f3-45cc-912e-048a6e953e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **,ESQ ]Ɋ& !ESQ, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=105e434f-8a67-4943-8e18-4a9429435351 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e570ce53-27f3-45cc-912e-048a6e953e4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-ESQ ]Ɋ& !XESQ- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p.ESQ ]Ɋ& !XESQ. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h/ESQ ]Ɋ& !XESQ/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`0ESQ ]Ɋ& !XESQ0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`1ESQ ]Ɋ& !XESQ1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`2ESQ ]Ɋ& !XESQ2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3ESQ ]Ɋ& !ESQ3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=753110e4-5d0b-49ae-885a-87ce42e56253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4Q ]Ɋ& !Q4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bce849d-5881-44e1-be97-49ecd3237e7e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=753110e4-5d0b-49ae-885a-87ce42e56253 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(5Q ]Ɋ& !XQ5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@6Q ]Ɋ& !XQ6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f@**@7Q ]Ɋ& !XQ7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**88Q ]Ɋ& !XQ8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**89Q ]Ɋ& !XQ9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==7e8**8:Q ]Ɋ& !XQ: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**;Q ]Ɋ& !Q; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d6042bc5-13e9-4fb3-a7d3-b80691ed785c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**<rR ]Ɋ& !rR< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9a5b793-1157-4810-a14a-5af848150575 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d6042bc5-13e9-4fb3-a7d3-b80691ed785c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X=6NT ]Ɋ& !X6NT= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p>6NT ]Ɋ& !X6NT> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p?6NT ]Ɋ& !X6NT? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h@6NT ]Ɋ& !X6NT@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hA6NT ]Ɋ& !X6NTA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hB6NT ]Ɋ& !X6NTB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**C6NT ]Ɋ&  !6NTC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93b822a7-58d5-4453-afca-f3102539030a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**DT ]Ɋ& !TD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed499ee9-90d8-4a93-9329-90ee6dc87087 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=93b822a7-58d5-4453-afca-f3102539030a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **EcU ]Ɋ& '!XcUE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**FcU ]Ɋ& ?!XcUF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**GcU ]Ɋ& ;!XcUG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**HcU ]Ɋ& 3!XcUH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**IcU ]Ɋ& 3!XcUI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**JcU ]Ɋ& 5!XcUJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0KcU ]Ɋ& !cUK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fc8a6c2d-eae4-4ad3-91f1-65a23e914ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@LV ]Ɋ& !VL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1231ab96-b7c3-49d0-95a5-ffc5f467605a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fc8a6c2d-eae4-4ad3-91f1-65a23e914ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 @pelineId=  ]Ɋ& maXB>M F&5f89 Pipel ]Ɋ& meXP F&e=ElfChnkM~M~hPLCMu=VysMc&&**MB> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XB>M F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**NB> ]Ɋ& A!XB>N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**OB> ]Ɋ& =!XB>O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**PB> ]Ɋ& 5!XB>P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **QB> ]Ɋ& 5!XB>Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**RB> ]Ɋ& 7!XB>R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0SB> ]Ɋ& !B>S F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24221637-c065-46b3-8187-7105766bcc68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@TJs > ]Ɋ& !Js >T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c813ee03-918b-45c5-bc4e-7abf8f589fdb HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=24221637-c065-46b3-8187-7105766bcc68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**XU !> ]Ɋ& !X !>U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV !> ]Ɋ& !X !>V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**hW !> ]Ɋ& !X !>W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`X !> ]Ɋ& !X !>X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Y !> ]Ɋ& !X !>Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hZ !> ]Ɋ& !X !>Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**[ !> ]Ɋ&  ! !>[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e0a4746-85f2-418a-b03b-fa3737c7c6c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **\ !> ]Ɋ& ! !>\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92c195d8-7f84-4c8e-9a5b-755baaefe2b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e0a4746-85f2-418a-b03b-fa3737c7c6c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8]w!> ]Ɋ& !Xw!>] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P^w!> ]Ɋ& !Xw!>^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P_w!> ]Ɋ& !Xw!>_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H`w!> ]Ɋ& !Xw!>` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**Haw!> ]Ɋ& !Xw!>a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hbw!> ]Ɋ& !Xw!>b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**cw!> ]Ɋ& !w!>c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4f16234-db11-406c-83e7-8d98687a610d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**dw!> ]Ɋ& !w!>d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e83c71a-b7b8-44ce-9369-10593a9ba552 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e4f16234-db11-406c-83e7-8d98687a610d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xew!> ]Ɋ& !Xw!>e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pfw!> ]Ɋ& !Xw!>f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**hgw!> ]Ɋ& !Xw!>g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`hw!> ]Ɋ& !Xw!>h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`iw!> ]Ɋ& !Xw!>i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`jw!> ]Ɋ& !Xw!>j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**kw!> ]Ɋ& !w!>k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c15f6005-1b50-4e79-9f70-5035101b626e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **l="> ]Ɋ& !=">l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e42ff065-d3f1-4da7-9641-d9bc0057ccb1 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c15f6005-1b50-4e79-9f70-5035101b626e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m="> ]Ɋ& !X=">m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@n="> ]Ɋ& !X=">n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@o="> ]Ɋ& !X=">o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8p="> ]Ɋ& !X=">p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8q="> ]Ɋ& !X=">q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8r="> ]Ɋ& !X=">r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**s="> ]Ɋ& !=">s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c6e56fda-ab9c-48eb-9802-a4014d4be2d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t;n#> ]Ɋ& !;n#>t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac2e40a1-915f-4474-8450-39d52910250e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c6e56fda-ab9c-48eb-9802-a4014d4be2d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **Xuh$> ]Ɋ& !Xh$>u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**pvh$> ]Ɋ& !Xh$>v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**pwh$> ]Ɋ& !Xh$>w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2a7p**hxh$> ]Ɋ& !Xh$>x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**hyh$> ]Ɋ& !Xh$>y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzh$> ]Ɋ& !Xh$>z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**{h$> ]Ɋ&  !h$>{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=915e506e-ba84-419c-bcd9-b83daed35803 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **|7%> ]Ɋ& !7%>| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f169f089-24ac-437b-abd6-53aa7ab185ce HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=915e506e-ba84-419c-bcd9-b83daed35803 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**}%> ]Ɋ& '!X%>} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**~%> ]Ɋ& ?!X%>~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-d0-95a5-ffc5 ]Ɋ& reX%> F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fc8a6c2d-eae4-4ad3-91f1-65a23e914ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 @pelineId=  ]Ɋ& maXB>M F&5f89 Pipel ]Ɋ& meXP F&e=ElfChnk@΀Z>QLS(Mu=VysMc&&** %> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X%> F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **%> ]Ɋ& 3!X%> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**%> ]Ɋ& 3!X%> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f8f**%> ]Ɋ& 5!X%> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0%> ]Ɋ& !%> F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=045ba5e9-9975-434d-a993-c68b090ad87e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@'> ]Ɋ& !'> F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=624bade6-a5b0-400e-be80-0d9cfe306f53 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=045ba5e9-9975-434d-a993-c68b090ad87e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**( ]Ɋ& )!X( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **( ]Ɋ& A!X( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**( ]Ɋ& =!X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**( ]Ɋ& 5!X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**( ]Ɋ& 5!X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**( ]Ɋ& 7!X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0( ]Ɋ& !( F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fc1ad06-6440-403c-a870-0cc58dacaf13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@&Z ]Ɋ& !&Z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=86439633-a0b7-4be9-af61-3f2202ec630b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fc1ad06-6440-403c-a870-0cc58dacaf13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e655e5d6-218a-4cb5-8fce-b94d66851b54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfa35e3b-0ad2-43a8-b56e-cbc9d133397c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e655e5d6-218a-4cb5-8fce-b94d66851b54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8S ]Ɋ& !XS F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**PS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**PS ]Ɋ& !XS F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**HS ]Ɋ& !XS F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iH**HS ]Ɋ& !XS F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**HS ]Ɋ& !XS F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d58f5-5578-4048-b813-fc2cadae0732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dd3b9fe1-97d4-44d0-b510-8c0bd046936a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e3d58f5-5578-4048-b813-fc2cadae0732 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=25`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`S ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c36dfac-ffff-4721-bae8-af9588f84314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**# ]Ɋ& !# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1243f54c-9248-4f68-86bf-05c1d0845bf5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0c36dfac-ffff-4721-bae8-af9588f84314 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8eb**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a32bc7f4-93d4-4778-a881-6b43968e7b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cac94200-c19e-4e9e-87cb-69670515cc33 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a32bc7f4-93d4-4778-a881-6b43968e7b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X F&]Ɋ& meXP F&e=ElfChnkHu0Mu=VysMc&&**p  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp ** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=087a1740-0277-4ea2-9f91-b64fffebc0b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**a ]Ɋ& !a F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb3d833a-40f8-4dac-8016-8ec3a3eed232 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=087a1740-0277-4ea2-9f91-b64fffebc0b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**J ]Ɋ& '!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**J ]Ɋ& ?!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2**J ]Ɋ& ;!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**J ]Ɋ& 3!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**J ]Ɋ& 3!XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **J ]Ɋ& 5!XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0J ]Ɋ& !J F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a323a06c-4062-4e85-8eb7-600b4fc3c8bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=220**@%| ]Ɋ& !%| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bb99583-e8ff-4524-b705-280b52d046ac HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a323a06c-4062-4e85-8eb7-600b4fc3c8bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**|{ ]Ɋ& )!X|{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**|{ ]Ɋ& A!X|{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**|{ ]Ɋ& =!X|{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**|{ ]Ɋ& 5!X|{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**|{ ]Ɋ& 5!X|{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**¸|{ ]Ɋ& 7!X|{¸ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0ø|{ ]Ɋ& !|{ø F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=013e7ce5-d9e5-4b89-9bb0-b7f054446f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@ĸ ]Ɋ& !ĸ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54395b74-f07b-40d4-b0af-520235174e20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=013e7ce5-d9e5-4b89-9bb0-b7f054446f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XŸ ]Ɋ& !XŸ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pƸ ]Ɋ& !XƸ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hǸ ]Ɋ& !XǸ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ȸ ]Ɋ& !Xȸ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**`ɸ ]Ɋ& !Xɸ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hʸ ]Ɋ& !Xʸ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**˸ ]Ɋ&  !˸ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a7efd1-9c54-4b75-9952-ea74b7f691cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**̸ ]Ɋ& !̸ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec3c4e21-c2dd-41d7-98c2-33f9e35d54f3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a7efd1-9c54-4b75-9952-ea74b7f691cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8͸0@ ]Ɋ& !X0@͸ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pθ0@ ]Ɋ& !X0@θ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Pϸ0@ ]Ɋ& !X0@ϸ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hи0@ ]Ɋ& !X0@и F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HѸ0@ ]Ɋ& !X0@Ѹ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HҸ0@ ]Ɋ& !X0@Ҹ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**Ӹ0@ ]Ɋ& !0@Ӹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bffac1c-55f0-4a68-bf33-df7263074b80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ը0@ ]Ɋ& !0@Ը F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2565c9a9-7d6d-490d-a4cf-478b8255327f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bffac1c-55f0-4a68-bf33-df7263074b80 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xո ]Ɋ& !Xո F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pָ ]Ɋ& !Xָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h׸ ]Ɋ& !X׸ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`ظ ]Ɋ& !Xظ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`ٸ ]Ɋ& !Xٸ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`ڸ ]Ɋ& !Xڸ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**۸ ]Ɋ& !۸ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc344741-47fe-4c57-a323-a819fd0565fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**ܸ ]Ɋ& !ܸ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ffd2b9b2-dc8d-45e3-be95-febf814b700e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cc344741-47fe-4c57-a323-a819fd0565fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(ݸ6 ]Ɋ& !X6ݸ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@޸6 ]Ɋ& !X6޸ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@߸6 ]Ɋ& !X6߸ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**86 ]Ɋ& !X6 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**86 ]Ɋ& !X6 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**86 ]Ɋ& !X6 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**6 ]Ɋ& !6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f11eb78-b77a-4327-af75-7ef418574227 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**>g ]Ɋ& !>g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4da6d03c-23f0-446b-8394-185b830f9134 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f11eb78-b77a-4327-af75-7ef418574227 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& X\ F&X F&]Ɋ& meXP F&e=ElfChnkHԨa[Mu=VysMc&&**` \ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X\ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**\ ]Ɋ&  !\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb3b921-2566-426a-9d1b-915ef16ee588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c273cf43-0abe-40b8-ae73-1c49b94a5068 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acb3b921-2566-426a-9d1b-915ef16ee588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-b** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0a** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba4ba652-ba60-4243-9480-b94499fc155d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@] ]Ɋ& !] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=160a000c-6683-4d21-b266-bcde4ce6c873 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ba4ba652-ba60-4243-9480-b94499fc155d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**$X ]Ɋ& )!X$X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**$X ]Ɋ& A!X$X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **$X ]Ɋ& =!X$X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**$X ]Ɋ& 5!X$X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**$X ]Ɋ& 5!X$X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **$X ]Ɋ& 7!X$X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0$X ]Ɋ& !$X F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b45ba1ba-c3ff-458a-aa76-47d152ab3ac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@G%X ]Ɋ& !G%X F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=534f69c4-2bf7-4149-8c96-286985ca3fbc HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b45ba1ba-c3ff-458a-aa76-47d152ab3ac9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X`&X ]Ɋ& !X`&X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0X**p`&X ]Ɋ& !X`&X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h`&X ]Ɋ& !X`&X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**``&X ]Ɋ& !X`&X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**``&X ]Ɋ& !X`&X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h`&X ]Ɋ& !X`&X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**`&X ]Ɋ&  !`&X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a702c3a-356f-4632-9619-b98dbf7b864a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**t&X ]Ɋ& !t&X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd9c0bc2-f9e1-4ae4-b43f-952758fad70c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5a702c3a-356f-4632-9619-b98dbf7b864a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8t&X ]Ɋ& !Xt&X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**Pt&X ]Ɋ& !Xt&X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**Pt&X ]Ɋ& !Xt&X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**Ht&X ]Ɋ& !Xt&X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H t&X ]Ɋ& !Xt&X  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H t&X ]Ɋ& !Xt&X  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH** t&X ]Ɋ& !t&X  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d89a5985-f098-481c-951c-9bcaf75f5afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ** t&X ]Ɋ& !t&X  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=173aaac1-2212-40e3-a4a8-8e7c6eea30c4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d89a5985-f098-481c-951c-9bcaf75f5afd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X 8(X ]Ɋ& !X8(X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ݸX**p8(X ]Ɋ& !X8(X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h8(X ]Ɋ& !X8(X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`8(X ]Ɋ& !X8(X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`8(X ]Ɋ& !X8(X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`8(X ]Ɋ& !X8(X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**8(X ]Ɋ& !8(X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1255c22-58ae-405d-be3c-4e5ef93d51c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**[)X ]Ɋ& ![)X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3abf17ae-763b-4f41-bfa5-8b80f678fb56 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a1255c22-58ae-405d-be3c-4e5ef93d51c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**((+X ]Ɋ& !X(+X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@(+X ]Ɋ& !X(+X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X(+X F&X F&]Ɋ& meXP F&e=ElfChnkGGPqv`=Mu=VysMc&&**@ (+X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X(+X F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8(+X ]Ɋ& !X(+X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8(+X ]Ɋ& !X(+X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8(+X ]Ɋ& !X(+X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**(+X ]Ɋ& !(+X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c18b35ef-8a64-4f46-ba63-95253f25e735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**U,X ]Ɋ& !U,X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=db1e4f6d-704d-4289-af4d-58030dca2b9c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c18b35ef-8a64-4f46-ba63-95253f25e735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X4X ]Ɋ& !X4X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**p4X ]Ɋ& !X4X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p4X ]Ɋ& !X4X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**h 4X ]Ɋ& !X4X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**h!4X ]Ɋ& !X4X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h"4X ]Ɋ& !X4X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**#4X ]Ɋ&  !4X# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5a50232-6e2a-47ea-88b4-bdfa71150b28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**$G5X ]Ɋ& !G5X$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e64dfd8-2d78-402c-843e-f37a7c050bfd HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c5a50232-6e2a-47ea-88b4-bdfa71150b28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**%G5X ]Ɋ& '!XG5X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**&G5X ]Ɋ& ?!XG5X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**'G5X ]Ɋ& ;!XG5X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-41**(G5X ]Ɋ& 3!XG5X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****)G5X ]Ɋ& 3!XG5X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=149***G5X ]Ɋ& 5!XG5X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+G5X ]Ɋ& !G5X+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ce1df84-0862-4b4b-9721-94b8e6111e59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@,x6X ]Ɋ& !x6X, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04b9717e-bd57-46f5-8a55-e75f3530ef56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9ce1df84-0862-4b4b-9721-94b8e6111e59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**-#A ]Ɋ& )!X#A- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**.#A ]Ɋ& A!X#A. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**/#A ]Ɋ& =!X#A/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**0#A ]Ɋ& 5!X#A0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**1#A ]Ɋ& 5!X#A1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d7**2#A ]Ɋ& 7!X#A2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**03+A ]Ɋ& !+A3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0170902-7036-4225-8018-fc1309dfac76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@4XB ]Ɋ& !XB4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea341f9b-d504-4342-95f1-d853a662b942 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0170902-7036-4225-8018-fc1309dfac76 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X5XB ]Ɋ& !XXB5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p6XB ]Ɋ& !XXB6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7XB ]Ɋ& !XXB7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`8XB ]Ɋ& !XXB8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9XB ]Ɋ& !XXB9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h:XB ]Ɋ& !XXB: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**;XB ]Ɋ&  !XB; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d02bbaa2-71c9-412d-b4a9-7e6bbc356295 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**<C ]Ɋ& !C< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bf0c0c2-1ab9-4298-8788-b1b83957c468 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d02bbaa2-71c9-412d-b4a9-7e6bbc356295 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8=C ]Ɋ& !XC= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P>C ]Ɋ& !XC> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P?C ]Ɋ& !XC? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H@C ]Ɋ& !XC@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**HAC ]Ɋ& !XCA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**HBC ]Ɋ& !XCB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**CC ]Ɋ& !CC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0bf9744-26bf-4516-8d60-db0e906656e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**DD ]Ɋ& !DD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5a38695c-6be4-4154-b061-97e3cea4e668 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0bf9744-26bf-4516-8d60-db0e906656e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XED ]Ɋ& !XDE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+XX**pFD ]Ɋ& !XDF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hGD ]Ɋ& !XDG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XDH F&CommandPath= CommandLine= @riptName=  ]Ɋ& X(+X F&X F&]Ɋ& meXP F&e=ElfChnkHxHxXH42Mu=VysMc&&**hHD ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XDH F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ID ]Ɋ& !XDI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`JD ]Ɋ& !XDJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**KD ]Ɋ& !DK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3d3b6f-c89c-4e9f-8603-69c5be4a85bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **LD ]Ɋ& !DL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70bc1d16-7b39-46ca-8612-f3b5fee977d8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3d3b6f-c89c-4e9f-8603-69c5be4a85bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(MD ]Ɋ& !XDM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ND ]Ɋ& !XDN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@OD ]Ɋ& !XDO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8PD ]Ɋ& !XDP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8QD ]Ɋ& !XDQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8RD ]Ɋ& !XDR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**SD ]Ɋ& !DS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3d448b1-7fd8-4cd3-a9cb-b268e06ded02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**TOE ]Ɋ& !OET F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36a81f6b-0c6a-494c-8dee-3f2519eb3feb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3d448b1-7fd8-4cd3-a9cb-b268e06ded02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**XU߀F ]Ɋ& !X߀FU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pV߀F ]Ɋ& !X߀FV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pW߀F ]Ɋ& !X߀FW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hX߀F ]Ɋ& !X߀FX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**hY߀F ]Ɋ& !X߀FY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**hZ߀F ]Ɋ& !X߀FZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=04h**[uG ]Ɋ&  !uG[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77165c3b-c81b-483d-b34a-c169490b8080 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **\ G ]Ɋ& ! G\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfc1993b-29d0-48be-83f8-d1529cd2b33c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77165c3b-c81b-483d-b34a-c169490b8080 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**] G ]Ɋ& '!X G] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**^ G ]Ɋ& ?!X G^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**_ G ]Ɋ& ;!X G_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**` G ]Ɋ& 3!X G` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**a G ]Ɋ& 3!X Ga F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**b G ]Ɋ& 5!X Gb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0c G ]Ɋ& ! Gc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f8fd07c6-1637-4bfe-a863-c290993726a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fa0**@d9H ]Ɋ& !9Hd F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=76b411fa-e735-40fc-928e-f221cc2b954b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f8fd07c6-1637-4bfe-a863-c290993726a5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**e ]Ɋ& )!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**f ]Ɋ& A!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**g ]Ɋ& =!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **h ]Ɋ& 5!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**i ]Ɋ& 5!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**j ]Ɋ& 7!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0k ]Ɋ& !k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=decb11a3-a686-4e61-bb18-bc8c60f85537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@lH ]Ɋ& !Hl F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0e7448e6-7303-48a6-8327-a414cde45ab0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=decb11a3-a686-4e61-bb18-bc8c60f85537 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0b@**XmH ]Ɋ& !XHm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**pnH ]Ɋ& !XHn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**hoH ]Ɋ& !XHo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`pH ]Ɋ& !XHp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9`**`qH ]Ɋ& !XHq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**hrH ]Ɋ& !XHr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ea4eh**sH ]Ɋ&  !Hs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30106333-2be4-47bc-8add-b683e00d3beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**t߀ ]Ɋ& !߀t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d75c4dc-ba48-4e2a-b369-b8297a83387b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=30106333-2be4-47bc-8add-b683e00d3beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8u߀ ]Ɋ& !X߀u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Pv߀ ]Ɋ& !X߀v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Pw߀ ]Ɋ& !X߀w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e977P**Hx߀ ]Ɋ& !X߀x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& X߀y ElfChnkyyH y~6Mu=VysMc&&**Hy߀ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X߀y F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Hz߀ ]Ɋ& !X߀z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**{߀ ]Ɋ& !߀{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9a70eb-5e13-42fc-9a84-81bdf4f91228 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**|߀ ]Ɋ& !߀| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdb5fcbb-8966-471c-a607-0200d6011382 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bf9a70eb-5e13-42fc-9a84-81bdf4f91228 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X}u ]Ɋ& !Xu} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p~u ]Ɋ& !Xu~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`u ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`u ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae16eac6-7590-466b-8dab-5e1a14e28f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=D**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=616dfbae-0ed5-4e6a-969e-80f627f86453 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae16eac6-7590-466b-8dab-5e1a14e28f45 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(u ]Ɋ& !Xu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@u ]Ɋ& !Xu F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@u ]Ɋ& !Xu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8u ]Ɋ& !Xu F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8u ]Ɋ& !Xu F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e0ffaa87-8570-49e7-899a-f3c87b4dff4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **J ]Ɋ& !J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6f86f76-082a-4d49-b6e8-93c8c375de1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e0ffaa87-8570-49e7-899a-f3c87b4dff4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X{ ]Ɋ& !X{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p{ ]Ɋ& !X{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p{ ]Ɋ& !X{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h{ ]Ɋ& !X{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h{ ]Ɋ& !X{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h{ ]Ɋ& !X{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**{ ]Ɋ&  !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0cddf62-c24c-4442-9288-7bac649bfe54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cb50a324-e19d-4e70-bcd4-53377e842630 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d0cddf62-c24c-4442-9288-7bac649bfe54 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th ** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e547552f-539e-427d-bded-a91602515bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@)ޥ ]Ɋ& !)ޥ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d3b5cae-59b5-4d65-acad-8cdb48a4b356 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e547552f-539e-427d-bded-a91602515bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-bc8@**b ]Ɋ& )!Xb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**b ]Ɋ& A!Xb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**b ]Ɋ& =!Xb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b8**b ]Ɋ& 5!Xb F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**b ]Ɋ& 5!Xb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**b ]Ɋ& 7!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0b ]Ɋ& !b F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f9fb1a1b-43e1-4b83-be52-a263720666a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@JLb ]Ɋ& !JLb F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d588967-8896-4078-b6a7-80d205f4cb52 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f9fb1a1b-43e1-4b83-be52-a263720666a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xhxb ]Ɋ& !Xhxb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**phxb ]Ɋ& !Xhxb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hhxb ]Ɋ& !Xhxb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`hxb ]Ɋ& !Xhxb F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`hxb ]Ɋ& !Xhxb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xhxb F& ElfChnkڹڹS$Mu=VysMc&&**hhxb ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xhxb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**b ]Ɋ&  !b F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb16aa41-7091-4e0f-8121-86cf86ccc3b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=߸**b ]Ɋ& !b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d1ed379-397c-40ff-838e-317498a97bdf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb16aa41-7091-4e0f-8121-86cf86ccc3b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8b ]Ɋ& !Xb F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pb ]Ɋ& !Xb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pb ]Ɋ& !Xb F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**Hb ]Ɋ& !Xb F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**Hb ]Ɋ& !Xb F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**Hb ]Ɋ& !Xb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**b ]Ɋ& !b F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2312645-2c5d-4d64-855a-48e4bddb19ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b ]Ɋ& !b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b04159cc-76c6-4b35-a638-d9f5a5f025d9 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2312645-2c5d-4d64-855a-48e4bddb19ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=D**Xb ]Ɋ& !Xb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pb ]Ɋ& !Xb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hb ]Ɋ& !Xb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`b ]Ɋ& !Xb F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`b ]Ɋ& !Xb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`b ]Ɋ& !Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**b ]Ɋ& !b F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9847fad0-1a43-46a1-b13d-759e7223ed57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**b ]Ɋ& !b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9de1ef3c-280b-440b-b82a-d6aeb8e92b3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9847fad0-1a43-46a1-b13d-759e7223ed57 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(+Bb ]Ɋ& !X+Bb F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@+Bb ]Ɋ& !X+Bb F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@+Bb ]Ɋ& !X+Bb F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8+Bb ]Ɋ& !X+Bb F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8+Bb ]Ɋ& !X+Bb F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8¹+Bb ]Ɋ& !X+Bb¹ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ù+Bb ]Ɋ& !+Bbù F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b6deda05-9776-499a-8194-9b6fe59345c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**Ĺډb ]Ɋ& !ډbĹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d375a890-a08e-41c9-8de0-d576bdb93903 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b6deda05-9776-499a-8194-9b6fe59345c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**XŹb ]Ɋ& !XbŹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pƹb ]Ɋ& !Xbƹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pǹb ]Ɋ& !Xbǹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hȹb ]Ɋ& !Xbȹ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hɹb ]Ɋ& !Xbɹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hʹb ]Ɋ& !Xbʹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**˹b ]Ɋ&  !b˹ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aac1e6a0-2fc9-42ab-8da4-aecb2dc10b7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**̹=b ]Ɋ& !=b̹ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8eb40fef-7f90-4b71-ad56-f28766523b05 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aac1e6a0-2fc9-42ab-8da4-aecb2dc10b7c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**͹Ռb ]Ɋ& '!XՌb͹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**ιՌb ]Ɋ& ?!XՌbι F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**ϹՌb ]Ɋ& ;!XՌbϹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**йՌb ]Ɋ& 3!XՌbй F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ѹՌb ]Ɋ& 3!XՌbѹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**ҹՌb ]Ɋ& 5!XՌbҹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0ӹՌb ]Ɋ& !Ռbӹ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=28e14f79-6779-4d5a-8131-d78be61fd229 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@ԹInb ]Ɋ& !InbԹ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9690fac7-1e16-47d2-8100-f20e8bfbe8cc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=28e14f79-6779-4d5a-8131-d78be61fd229 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=666a@**չʮ ]Ɋ& )!Xʮչ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**ֹʮ ]Ɋ& A!Xʮֹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**׹ʮ ]Ɋ& =!Xʮ׹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7b**عʮ ]Ɋ& 5!Xʮع F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**ٹʮ ]Ɋ& 5!Xʮٹ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**ڹʮ ]Ɋ& 7!Xʮڹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk۹ ۹ h6M"Mu=VysMc&&**8۹ʮ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !ʮ۹ F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c224b34e-fd83-403d-9c48-9e064ff17f4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@ܹڐ̮ ]Ɋ& !ڐ̮ܹ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c224b34e-fd83-403d-9c48-9e064ff17f4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**Xݹڐ̮ ]Ɋ& !Xڐ̮ݹ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p޹ڐ̮ ]Ɋ& !Xڐ̮޹ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h߹ڐ̮ ]Ɋ& !Xڐ̮߹ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`ڐ̮ ]Ɋ& !Xڐ̮ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`ڐ̮ ]Ɋ& !Xڐ̮ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hڐ̮ ]Ɋ& !Xڐ̮ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**ڐ̮ ]Ɋ&  !ڐ̮ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6f4af68-5720-4698-b89d-435a9e49e95b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**p)ͮ ]Ɋ& !p)ͮ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1444db1f-2346-45cf-98f9-7e10c4a740a7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f6f4af68-5720-4698-b89d-435a9e49e95b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8p)ͮ ]Ɋ& !Xp)ͮ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**Pp)ͮ ]Ɋ& !Xp)ͮ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**Pp)ͮ ]Ɋ& !Xp)ͮ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**Hp)ͮ ]Ɋ& !Xp)ͮ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**Hp)ͮ ]Ɋ& !Xp)ͮ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**Hp)ͮ ]Ɋ& !Xp)ͮ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**p)ͮ ]Ɋ& !p)ͮ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5efa5ab-293a-4a36-b156-a4d3c884619f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**p)ͮ ]Ɋ& !p)ͮ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40a391e6-1903-4532-8ed4-a0c970d9acbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5efa5ab-293a-4a36-b156-a4d3c884619f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xͮ ]Ɋ& !Xͮ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==984X**pͮ ]Ɋ& !Xͮ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hͮ ]Ɋ& !Xͮ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`ͮ ]Ɋ& !Xͮ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`ͮ ]Ɋ& !Xͮ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`ͮ ]Ɋ& !Xͮ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ͮ ]Ɋ& !ͮ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ad3d9ca-0d73-490d-94cd-4db56214b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**ͮ ]Ɋ& !ͮ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e2b80ca-442c-41e3-89de-9c58837d1a2b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ad3d9ca-0d73-490d-94cd-4db56214b524 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(ͮ ]Ɋ& !Xͮ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ͮ ]Ɋ& !Xͮ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@ͮ ]Ɋ& !Xͮ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8ͮ ]Ɋ& !Xͮ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8ͮ ]Ɋ& !Xͮ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8ͮ ]Ɋ& !Xͮ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**ͮ ]Ɋ& !ͮ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1461c016-aa9f-4710-8496-c20749db6d73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**4ή ]Ɋ& !4ή F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=487450a9-591b-4317-8884-24fae4165454 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1461c016-aa9f-4710-8496-c20749db6d73 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**Xa$Ю ]Ɋ& !Xa$Ю F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pa$Ю ]Ɋ& !Xa$Ю F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pa$Ю ]Ɋ& !Xa$Ю F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**ha$Ю ]Ɋ& !Xa$Ю F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**ha$Ю ]Ɋ& !Xa$Ю F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**ha$Ю ]Ɋ& !Xa$Ю F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**a$Ю ]Ɋ&  !a$Ю F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96f84d6c-c087-41fe-8479-9c6c38b334c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UѮ ]Ɋ& !UѮ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31cf33f0-1532-4082-a852-d0d7886a2011 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=96f84d6c-c087-41fe-8479-9c6c38b334c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**UѮ ]Ɋ& '!XUѮ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**UѮ ]Ɋ& ?!XUѮ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UѮ ]Ɋ& ;!XUѮ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**UѮ ]Ɋ& 3!XUѮ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer** UѮ ]Ɋ& 3!XUѮ  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** UѮ ]Ɋ& 5!XUѮ  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35UѮ  F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**ڹʮ ]Ɋ& 7!Xʮڹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk < <Hə)R!Mu=VysMc&&**8 UѮ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !UѮ  F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=87fcc5e1-7bcb-4120-bfe7-557636371276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0-a8 **@ Ү ]Ɋ& !Ү  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30b014a6-f749-4ef5-a22e-14904b8c7a32 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=87fcc5e1-7bcb-4120-bfe7-557636371276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@** ^ ]Ɋ& )!X^  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**^ ]Ɋ& A!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **^ ]Ɋ& =!X^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **^ ]Ɋ& 5!X^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf**^ ]Ɋ& 5!X^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**^ ]Ɋ& 7!X^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0Y ]Ɋ& !Y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=94861b43-1b36-47bc-a54d-882658faf66c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@" ]Ɋ& !" F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b5ac488-95f3-451e-9bcf-82166219f7ea HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=94861b43-1b36-47bc-a54d-882658faf66c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ͮh**# ]Ɋ&  !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ed358a6-e807-4a48-bdde-e2c407be066f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**# ]Ɋ& !# F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39863649-616e-4b2f-92b9-4b62c6674e4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ed358a6-e807-4a48-bdde-e2c407be066f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8# ]Ɋ& !X# F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P# ]Ɋ& !X# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P# ]Ɋ& !X# F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**H # ]Ɋ& !X#  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H!# ]Ɋ& !X#! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H"# ]Ɋ& !X#" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**## ]Ɋ& !## F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5b8ef31-e20a-4f92-9410-d8a58871141d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$O ]Ɋ& !O$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d680a6a-2de7-4220-8ceb-8cfe3f6ee797 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5b8ef31-e20a-4f92-9410-d8a58871141d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X%O ]Ɋ& !XO% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p&O ]Ɋ& !XO& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**h'O ]Ɋ& !XO' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`(O ]Ɋ& !XO( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=50`**`)O ]Ɋ& !XO) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`*O ]Ɋ& !XO* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**+O ]Ɋ& !O+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88f0b4ce-aadc-458a-bd09-fea20df8972e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**,O ]Ɋ& !O, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22d351aa-7c4c-4b29-a7c0-bdf502d45d2f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88f0b4ce-aadc-458a-bd09-fea20df8972e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(-T ]Ɋ& !XT- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@.T ]Ɋ& !XT. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@/T ]Ɋ& !XT/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**80T ]Ɋ& !XT0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**81T ]Ɋ& !XT1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**82T ]Ɋ& !XT2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**3T ]Ɋ& !T3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c4ab70-9cf1-4115-86ac-385fb413d23c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**4| ]Ɋ& !|4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9a472959-ad8e-4604-8e7e-2676c8f33a6e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=40c4ab70-9cf1-4115-86ac-385fb413d23c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X5? ]Ɋ& !X?5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p6? ]Ɋ& !X?6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p7? ]Ɋ& !X?7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h8? ]Ɋ& !X?8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h9? ]Ɋ& !X?9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h:? ]Ɋ& !X?: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**;? ]Ɋ&  !?; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8fe077cf-4d85-4c39-8ed8-6eae55013ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**<O ]Ɋ& !O< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb6973bd-e2b7-4ea6-b672-12cdb27fd408 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8fe077cf-4d85-4c39-8ed8-6eae55013ef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35UѮ ]Ɋ&  CXO= F&ommandPath= CommandLine=wP**ڹʮ ]Ɋ& 7!Xʮڹ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c56f7570-ad51-473f-afed-b17c0daccaba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk=o=o((qڲMu=VysMc&&** =O ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XO= F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **>O ]Ɋ& ?!XO> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**?O ]Ɋ& ;!XO? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **@O ]Ɋ& 3!XO@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**AO ]Ɋ& 3!XOA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**BO ]Ɋ& 5!XOB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0Cl ]Ɋ& !lC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=14921b0b-f7c5-4c74-aa6b-3ac07a332b74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@D ]Ɋ& !D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=82e3f86b-983b-415e-8232-a3a2ab2f5255 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=14921b0b-f7c5-4c74-aa6b-3ac07a332b74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**E3n ]Ɋ& )!X3nE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**F3n ]Ɋ& A!X3nF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**G3n ]Ɋ& =!X3nG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2f**H3n ]Ɋ& 5!X3nH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**I3n ]Ɋ& 5!X3nI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**J3n ]Ɋ& 7!X3nJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0K3n ]Ɋ& !3nK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4db3590-6f04-44ac-bef8-3362f98f2f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@L=n ]Ɋ& !=nL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=705ac746-fb8b-47ce-a057-90739afd3958 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4db3590-6f04-44ac-bef8-3362f98f2f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**XMdn ]Ɋ& !XdnM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pNdn ]Ɋ& !XdnN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hOdn ]Ɋ& !XdnO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`Pdn ]Ɋ& !XdnP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`Qdn ]Ɋ& !XdnQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRdn ]Ɋ& !XdnR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#h**Sdn ]Ɋ&  !dnS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3153407c-b966-4efb-9a4c-8fb5e3403351 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tdn ]Ɋ& !dnT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75d16129-b578-4d1b-8481-8c20a23ebe39 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3153407c-b966-4efb-9a4c-8fb5e3403351 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Udn ]Ɋ& !XdnU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PVdn ]Ɋ& !XdnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=OP**PWdn ]Ɋ& !XdnW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**HXdn ]Ɋ& !XdnX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HYdn ]Ɋ& !XdnY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HZdn ]Ɋ& !XdnZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**[dn ]Ɋ& !dn[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ead00797-ea5a-4739-abee-8d7baf539690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **\dn ]Ɋ& !dn\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ea2638c-85d3-4ff5-b398-fb67080328e1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ead00797-ea5a-4739-abee-8d7baf539690 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X]jn ]Ɋ& !Xjn] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p^jn ]Ɋ& !Xjn^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h_jn ]Ɋ& !Xjn_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**``jn ]Ɋ& !Xjn` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`ajn ]Ɋ& !Xjna F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`bjn ]Ɋ& !Xjnb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**cjn ]Ɋ& !jnc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7b6c6234-6aca-4e6c-96ae-526c82fcdb2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**djn ]Ɋ& !jnd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7afa9b90-77d1-4bfc-b8cf-c962750b888f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7b6c6234-6aca-4e6c-96ae-526c82fcdb2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(ejn ]Ɋ& !Xjne F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@fjn ]Ɋ& !Xjnf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@gjn ]Ɋ& !Xjng F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2cd@**8hjn ]Ɋ& !Xjnh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8ijn ]Ɋ& !Xjni F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8jjn ]Ɋ& !Xjnj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**kjn ]Ɋ& !jnk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c1367c04-16fa-4e4a-bddf-521cc0774ea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**ln ]Ɋ& !nl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e52fbbf-7717-42a4-9f24-1f5ab53a6a07 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c1367c04-16fa-4e4a-bddf-521cc0774ea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**Xm.n ]Ɋ& !X.nm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pn.n ]Ɋ& !X.nn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**po.n ]Ɋ& !X.no F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& d-X.np F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkppx) DMu=VysMc&&**h p.n ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X.np F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hq.n ]Ɋ& !X.nq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hr.n ]Ɋ& !X.nr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**s.n ]Ɋ&  !.ns F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1cdf422e-ccf8-4275-8c90-5ff514539156 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**t_n ]Ɋ& !_nt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ef266fe-f9d7-43e5-81d3-35afce538edb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1cdf422e-ccf8-4275-8c90-5ff514539156 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**u_n ]Ɋ& '!X_nu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**v_n ]Ɋ& ?!X_nv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**w_n ]Ɋ& ;!X_nw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**x_n ]Ɋ& 3!X_nx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y_n ]Ɋ& 3!X_ny F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**z_n ]Ɋ& 5!X_nz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0{_n ]Ɋ& !_n{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3680026a-bac8-4f54-95ab-7f29a4c3eb8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@|[n ]Ɋ& ![n| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d55eb463-5009-4c8c-9d4c-854cc6082d8c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3680026a-bac8-4f54-95ab-7f29a4c3eb8f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**} ]Ɋ& )!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& A!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g ** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679acde7-3978-4e74-8185-5be6ea9c661f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**@O ]Ɋ& !O F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31b39aee-5379-4214-ab35-fdce7f07f37d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=679acde7-3978-4e74-8185-5be6ea9c661f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**XO ]Ɋ& !XO F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**pO ]Ɋ& !XO F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**hO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`O ]Ɋ& !XO F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`O ]Ɋ& !XO F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**hO ]Ɋ& !XO F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**O ]Ɋ&  !O F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a6bb728-6264-49dc-a6eb-4f4891ab07d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**V ]Ɋ& !V F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=150e6aea-de1f-4a71-8792-edd762c791e2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a6bb728-6264-49dc-a6eb-4f4891ab07d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8V ]Ɋ& !XV F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**PV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90P**PV ]Ɋ& !XV F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**HV ]Ɋ& !XV F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**HV ]Ɋ& !XV F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**HV ]Ɋ& !XV F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**V ]Ɋ& !V F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7963b0f0-0908-4799-a220-2ecd83943959 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**V ]Ɋ& !V F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8c4e29d-3c86-4c92-8577-25a06e31868e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7963b0f0-0908-4799-a220-2ecd83943959 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**XV ]Ɋ& !XV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=jp**hV ]Ɋ& !XV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`V ]Ɋ& !XV F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`V ]Ɋ& !XV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`V ]Ɋ& !XV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**V ]Ɋ& !V F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4d5ef5c-82c2-4341-b588-11ea0e8e3985 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**퀰 ]Ɋ& !퀰 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d7ef2f4-79dc-4875-bd20-cbfcf947d113 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4d5ef5c-82c2-4341-b588-11ea0e8e3985 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkԺԺ@9|QMu=VysMc&&**  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m! F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=28868785-ba42-47c1-aa84-dcaf9ddf3e0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e95f7da7-c122-464f-b40c-0d83e38e58ea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=28868785-ba42-47c1-aa84-dcaf9ddf3e0c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XG ]Ɋ& !XG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pG ]Ɋ& !XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pG ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hG ]Ɋ& !XG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hG ]Ɋ& !XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hG ]Ɋ& !XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**G ]Ɋ&  !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6d3edd-3b16-4d09-97be-4f68e3418298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_**{ ]Ɋ& !{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16591e01-7e53-41ea-be1b-938e579caea2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6d3edd-3b16-4d09-97be-4f68e3418298 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**{ ]Ɋ& '!X{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**{ ]Ɋ& ?!X{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**{ ]Ɋ& ;!X{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**{ ]Ɋ& 3!X{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**{ ]Ɋ& 3!X{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**{ ]Ɋ& 5!X{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0{ ]Ɋ& !{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=06e514d3-1aa3-4077-afe6-1462f7d273ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@t ]Ɋ& !t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c10eff8-eeb8-408a-99ce-690600dbf016 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=06e514d3-1aa3-4077-afe6-1462f7d273ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**=*# ]Ɋ& )!X=*# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**=*# ]Ɋ& A!X=*# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=71-8**=*# ]Ɋ& =!X=*# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**=*# ]Ɋ& 5!X=*# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**=*# ]Ɋ& 5!X=*# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**=*# ]Ɋ& 7!X=*# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0=*# ]Ɋ& !=*# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a9b9cb5-c13d-4c51-b5ef-07e6472703f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@j[# ]Ɋ& !j[# F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0efb7659-431b-48f2-b37e-ab8b15dc4212 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a9b9cb5-c13d-4c51-b5ef-07e6472703f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**Xj[# ]Ɋ& !Xj[# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pj[# ]Ɋ& !Xj[# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hj[# ]Ɋ& !Xj[# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`# ]Ɋ& !X# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`# ]Ɋ& !X# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hº# ]Ɋ& !X#º F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**ú# ]Ɋ&  !#ú F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31b31626-53b0-410c-b3a6-6635697549e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**ĺ# ]Ɋ& !#ĺ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=493595d7-25d0-47e1-a4f2-2d60a1396816 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=31b31626-53b0-410c-b3a6-6635697549e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V**8ź# ]Ɋ& !X#ź F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**Pƺ# ]Ɋ& !X#ƺ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**PǺ# ]Ɋ& !X#Ǻ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**HȺ# ]Ɋ& !X#Ⱥ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Hɺ# ]Ɋ& !X#ɺ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hʺ# ]Ɋ& !X#ʺ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**˺# ]Ɋ& !#˺ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a744f9-346a-409a-88c2-d9fdc409c52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**̺# ]Ɋ& !#̺ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2e1b2b2-7338-4f82-a4cb-f05f86423659 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2a744f9-346a-409a-88c2-d9fdc409c52b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xͺ# ]Ɋ& !X#ͺ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pκ# ]Ɋ& !X#κ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hϺ# ]Ɋ& !X#Ϻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`к# ]Ɋ& !X#к F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`Ѻ# ]Ɋ& !X#Ѻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`Һ# ]Ɋ& !X#Һ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Ӻ# ]Ɋ& !#Ӻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8bf4553-3a72-4cdb-9c4f-4cec4422c2fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**Ժ# ]Ɋ& !#Ժ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7271f6cb-71c4-4849-b494-4f8471723224 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8bf4553-3a72-4cdb-9c4f-4cec4422c2fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maX-%#պ F&ndPath= CommandLine=8F& ElfChnkպպ4 IMu=VysMc&&**0 պ-%# ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X-%#պ F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@ֺ-%# ]Ɋ& !X-%#ֺ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@׺-%# ]Ɋ& !X-%#׺ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8غ-%# ]Ɋ& !X-%#غ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8ٺ-%# ]Ɋ& !X-%#ٺ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 8**8ں-%# ]Ɋ& !X-%#ں F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**ۺ-%# ]Ɋ& !-%#ۺ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ce8af864-4b5b-4d05-a532-f31a3ad0b594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G㲈**ܺĽ# ]Ɋ& !Ľ#ܺ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b1c5cc1-9c00-4c8b-a0d3-2e70a5eac044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ce8af864-4b5b-4d05-a532-f31a3ad0b594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Xݺ# ]Ɋ& !X#ݺ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p޺# ]Ɋ& !X#޺ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pߺ# ]Ɋ& !X#ߺ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h# ]Ɋ& !X# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h# ]Ɋ& !X# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h# ]Ɋ& !X# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**# ]Ɋ&  !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da07512b-5e80-468d-b668-41c1ab6a5a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg** # ]Ɋ& ! # F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=85606a0f-294e-4fde-886f-91afa1963c8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da07512b-5e80-468d-b668-41c1ab6a5a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ff8-**# ]Ɋ& '!X# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**# ]Ɋ& ?!X# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**# ]Ɋ& ;!X# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **# ]Ɋ& 3!X# F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**# ]Ɋ& 3!X# F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **# ]Ɋ& 5!X# F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0# ]Ɋ& !# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=daaf3f60-fa47-4345-acc4-112164a5c4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@KQ# ]Ɋ& !KQ# F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc5fe571-2dc1-4777-844f-fadd5c794c65 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=daaf3f60-fa47-4345-acc4-112164a5c4da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-2** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54a08274-2cbe-4d00-b975-8a4ab73478f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@o{ ]Ɋ& !o{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ef4bf78-bf18-47f9-ace0-771faf7b9246 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54a08274-2cbe-4d00-b975-8a4ab73478f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xo{ ]Ɋ& !Xo{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**po{ ]Ɋ& !Xo{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ƺp**ho{ ]Ɋ& !Xo{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`o{ ]Ɋ& !Xo{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`o{ ]Ɋ& !Xo{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ho{ ]Ɋ& !Xo{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**o{ ]Ɋ&  !o{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12ad691e-c4c4-4c99-a945-742238b55fe7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc482d79-dd0f-4c22-8fdd-4e06cf9c0654 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12ad691e-c4c4-4c99-a945-742238b55fe7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ͺ8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13a9080a-7534-488d-9abe-e4f92aff2c26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b6863f7-7937-444c-8e7f-fa197f9e81d0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13a9080a-7534-488d-9abe-e4f92aff2c26 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& X F& F&ndPath= CommandLine=8F& ElfChnk66@!%';Mu=VysMc&&**p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!X F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5c`**`  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed3b3d8-ceda-4978-a2e1-a74c65e8a5aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf687bee-c21c-466b-b3e3-72dfb1845c5e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed3b3d8-ceda-4978-a2e1-a74c65e8a5aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ۺ**( 2E ]Ɋ& !X2E  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@2E ]Ɋ& !X2E F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@2E ]Ɋ& !X2E F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**82E ]Ɋ& !X2E F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**82E ]Ɋ& !X2E F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**82E ]Ɋ& !X2E F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**2E ]Ɋ& !2E F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14b0aa44-f602-4d8b-afbe-5dd74c4697bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**݈ ]Ɋ& !݈ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41e605d8-84a5-4bc4-bfca-89768f990d1e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14b0aa44-f602-4d8b-afbe-5dd74c4697bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d717fe13-7ebf-444e-a248-7fb0b1d97d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **#@ ]Ɋ& !#@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e47ab94-034d-4fcf-9921-fae478347c54 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d717fe13-7ebf-444e-a248-7fb0b1d97d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-477**؋ ]Ɋ& '!X؋ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**؋ ]Ɋ& ?!X؋ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**؋ ]Ɋ& ;!X؋ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que** ؋ ]Ɋ& 3!X؋  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**!؋ ]Ɋ& 3!X؋! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**"؋ ]Ɋ& 5!X؋" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0#؋ ]Ɋ& !؋# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e477d9fc-0b2a-4c8a-95ae-856c047d723b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$  ]Ɋ& ! $ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d0ceb30a-f5b5-4546-890c-6c12368d99ff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e477d9fc-0b2a-4c8a-95ae-856c047d723b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**% ]Ɋ& )!X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**& ]Ɋ& A!X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**' ]Ɋ& =!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **( ]Ɋ& 5!X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22**) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho*** ]Ɋ& 7!X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0+ ]Ɋ& !+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5b0a76d-99b2-4b7f-8b57-ee003cc1598d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@,  ]Ɋ& ! , F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2180b407-5194-4db1-aff5-a54186ee1d05 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5b0a76d-99b2-4b7f-8b57-ee003cc1598d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X-  ]Ɋ& !X - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p.  ]Ɋ& !X . F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/  ]Ɋ& !X / F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`0  ]Ɋ& !X 0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`1  ]Ɋ& !X 1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h2  ]Ɋ& !X 2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**3  ]Ɋ&  ! 3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2890731-9fd3-49e5-b38a-8bb8655923cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**4 ]Ɋ& !4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57985e8c-0a46-4589-b288-ddceb79d96a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2890731-9fd3-49e5-b38a-8bb8655923cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **85 ]Ɋ& !X5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P6 ]Ɋ& !X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk7g7g 5-ВoMu=VysMc&&**P7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X7 F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H8 ]Ɋ& !X8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H9 ]Ɋ& !X9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H: ]Ɋ& !X: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a5d5e4-a8f7-4032-ad7e-441f95e440bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=109d48c0-783a-4181-a73b-8a39c414fdd8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a5d5e4-a8f7-4032-ad7e-441f95e440bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X= ]Ɋ& !X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`@ ]Ɋ& !X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8f`**`A ]Ɋ& !XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`B ]Ɋ& !XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**C ]Ɋ& !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c162d2bb-ba1e-40c9-af4f-572a87709ddd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**D8: ]Ɋ& !8:D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ac5d8d7e-a367-4731-8002-01cffe824950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c162d2bb-ba1e-40c9-af4f-572a87709ddd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(E8: ]Ɋ& !X8:E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@F8: ]Ɋ& !X8:F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@G8: ]Ɋ& !X8:G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8H8: ]Ɋ& !X8:H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8I8: ]Ɋ& !X8:I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8J8: ]Ɋ& !X8:J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**K8: ]Ɋ& !8:K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7af2395c-8e90-46f2-a865-e1bba1299bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d5ee32c8-b96e-4db3-8bb0-c512d576b3f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7af2395c-8e90-46f2-a865-e1bba1299bdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**XM ]Ɋ& !XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hP ]Ɋ& !XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**hQ ]Ɋ& !XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hR ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=373f8670-36a8-4a17-87b3-513e358b613c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16ec1342-9795-4e2a-8956-7b066eb5d280 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=373f8670-36a8-4a17-87b3-513e358b613c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**U ]Ɋ& '!XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**V ]Ɋ& ?!XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**W ]Ɋ& ;!XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& 3!XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **Y ]Ɋ& 3!XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z ]Ɋ& 5!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0[ ]Ɋ& ![ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1dcf7062-f0fe-4d4c-9bc8-72e445eab3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@\(5 ]Ɋ& !(5\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f68d3131-e864-444f-bdf5-3c7b18aef150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1dcf7062-f0fe-4d4c-9bc8-72e445eab3e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**]cG6 ]Ɋ& )!XcG6] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**^cG6 ]Ɋ& A!XcG6^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**_cG6 ]Ɋ& =!XcG6_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**`cG6 ]Ɋ& 5!XcG6` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**acG6 ]Ɋ& 5!XcG6a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**bcG6 ]Ɋ& 7!XcG6b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0c%H6 ]Ɋ& !%H6c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e87ec8e-c284-4d99-8639-d070b82c64a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dH6 ]Ɋ& !H6d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65251956-d307-44fb-9454-3e9b8af49132 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e87ec8e-c284-4d99-8639-d070b82c64a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**Xe'WI6 ]Ɋ& !X'WI6e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=923X**pf'WI6 ]Ɋ& !X'WI6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hg'WI6 ]Ɋ& !X'WI6g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X'WI6h F&dLine=8F& ElfChnkhh(4Mu=VysMc&&**hh'WI6 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X'WI6h F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`i'WI6 ]Ɋ& !X'WI6i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj'WI6 ]Ɋ& !X'WI6j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**k'WI6 ]Ɋ&  !'WI6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fea87a20-c8e3-4bab-91bb-417b936e0a04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**l'WI6 ]Ɋ& !'WI6l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9c79841-ec2d-4f3a-9916-53a5cc91d0d6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fea87a20-c8e3-4bab-91bb-417b936e0a04 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8m'WI6 ]Ɋ& !X'WI6m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pn'WI6 ]Ɋ& !X'WI6n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Po'WI6 ]Ɋ& !X'WI6o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hp'WI6 ]Ɋ& !X'WI6p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hq'WI6 ]Ɋ& !X'WI6q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hr'WI6 ]Ɋ& !X'WI6r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**s'WI6 ]Ɋ& !'WI6s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ea76e60-8424-4dee-b162-0d9747ad774a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t'WI6 ]Ɋ& !'WI6t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4fa073f4-97b7-4800-9dc1-30abb0b67bea HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ea76e60-8424-4dee-b162-0d9747ad774a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XuI6 ]Ɋ& !XI6u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**pvI6 ]Ɋ& !XI6v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**hwI6 ]Ɋ& !XI6w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`xI6 ]Ɋ& !XI6x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`yI6 ]Ɋ& !XI6y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`zI6 ]Ɋ& !XI6z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**{I6 ]Ɋ& !I6{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8775fd0a-07ba-4ae6-b1fd-b51e5d2b49ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|I6 ]Ɋ& !I6| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c28b9e6-ba10-4bf6-9f50-2d01ded6189c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8775fd0a-07ba-4ae6-b1fd-b51e5d2b49ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(}I6 ]Ɋ& !XI6} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@~I6 ]Ɋ& !XI6~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@I6 ]Ɋ& !XI6 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8I6 ]Ɋ& !XI6 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8I6 ]Ɋ& !XI6 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8958**8I6 ]Ɋ& !XI6 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**I6 ]Ɋ& !I6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85e8d9b3-207d-4590-938b-936d64a7e75d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** K6 ]Ɋ& ! K6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf7d0ac8-4e07-411a-8865-3c570a43bcee HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85e8d9b3-207d-4590-938b-936d64a7e75d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **XRL6 ]Ɋ& !XRL6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pRL6 ]Ɋ& !XRL6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pRL6 ]Ɋ& !XRL6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**hRL6 ]Ɋ& !XRL6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**hRL6 ]Ɋ& !XRL6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hRL6 ]Ɋ& !XRL6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**RL6 ]Ɋ&  !RL6 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3e00f7e-3b12-4c68-b6eb-490010fe7477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **L6 ]Ɋ& !L6 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44c6bd01-5980-454c-a23a-cb03d02134fb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3e00f7e-3b12-4c68-b6eb-490010fe7477 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **DM6 ]Ɋ& '!XDM6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**DM6 ]Ɋ& ?!XDM6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**DM6 ]Ɋ& ;!XDM6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**DM6 ]Ɋ& 3!XDM6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**DM6 ]Ɋ& 3!XDM6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**DM6 ]Ɋ& 5!XDM6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0DM6 ]Ɋ& !DM6 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10af17d5-8f27-44e4-9dd9-6a96bea90556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@qN6 ]Ɋ& !qN6 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=362c7241-fe02-4240-b439-6d4b7d0e8411 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=10af17d5-8f27-44e4-9dd9-6a96bea90556 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**?9 ]Ɋ& )!X?9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**?9 ]Ɋ& A!X?9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**?9 ]Ɋ& =!X?9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX?9 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X'WI6h F&dLine=8F& ElfChnkȻȻpԦ3AMu=VysMc&&**?9 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X?9 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **?9 ]Ɋ& 5!X?9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**?9 ]Ɋ& 7!X?9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0?9 ]Ɋ& !?9 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92f2be16-3b04-4eb5-b127-094fca096632 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@9 ]Ɋ& !9 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ca84f0f-6099-440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=92f2be16-3b04-4eb5-b127-094fca096632 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d0@**Xۡ; ]Ɋ& !Xۡ; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pۡ; ]Ɋ& !Xۡ; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97bp**hۡ; ]Ɋ& !Xۡ; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0h**`ۡ; ]Ɋ& !Xۡ; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`ۡ; ]Ɋ& !Xۡ; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hۡ; ]Ɋ& !Xۡ; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**ۡ; ]Ɋ&  !ۡ; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb5d34c3-35ee-4d48-adfe-967d7c1115cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**ۡ; ]Ɋ& !ۡ; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=919b5f4e-a820-4bcd-bf02-761b822f2e3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb5d34c3-35ee-4d48-adfe-967d7c1115cc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8b5? ]Ɋ& !Xb5? F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**Pb5? ]Ɋ& !Xb5? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**Pb5? ]Ɋ& !Xb5? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**Hb5? ]Ɋ& !Xb5? F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**Hb5? ]Ɋ& !Xb5? F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**Hb5? ]Ɋ& !Xb5? F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=01dH**b5? ]Ɋ& !b5? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=908a9e3a-5340-4a47-96ac-afe27b8ce026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**? ]Ɋ& !? F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f7e04db-27c1-4cbe-9f0d-d22c2b05d6f8 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=908a9e3a-5340-4a47-96ac-afe27b8ce026 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X? ]Ɋ& !X? F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf7dX**p? ]Ɋ& !X? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`? ]Ɋ& !X? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`? ]Ɋ& !X? F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`? ]Ɋ& !X? F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**? ]Ɋ& !? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=179fe654-8331-4aea-be02-3a1383807c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**? ]Ɋ& !? F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f318b256-a007-427c-a2c9-94ae8ef166e2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=179fe654-8331-4aea-be02-3a1383807c93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ac8**(f@ ]Ɋ& !Xf@ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@f@ ]Ɋ& !Xf@ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@f@ ]Ɋ& !Xf@ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8f@ ]Ɋ& !Xf@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8f@ ]Ɋ& !Xf@ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8f@ ]Ɋ& !Xf@ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**f@ ]Ɋ& !f@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=962e9114-42ce-499c-b488-52b97d1fcd12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=23**&@ ]Ɋ& !&@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8146011-58f1-43bc-b881-ffae1105f1a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=962e9114-42ce-499c-b488-52b97d1fcd12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**XB ]Ɋ& !XB F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pB ]Ɋ& !XB F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pB ]Ɋ& !XB F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hB ]Ɋ& !XB F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hB ]Ɋ& !XB F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**h»B ]Ɋ& !XB» F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=84h**ûB ]Ɋ&  !Bû F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b24f92e-b4eb-403d-8e65-50a8d8ad00a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**ĻaC ]Ɋ& !aCĻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8330e987-0537-4d08-bb6f-39a1ff979fab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b24f92e-b4eb-403d-8e65-50a8d8ad00a7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**ŻC ]Ɋ& '!XCŻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**ƻC ]Ɋ& ?!XCƻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**ǻC ]Ɋ& ;!XCǻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**ȻC ]Ɋ& 3!XCȻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXCɻ F&440c-9327-af2399b4e036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNX?9 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X'WI6h F&dLine=8F& ElfChnkɻɻH];Mu=VysMc&&** ɻC ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XCɻ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ʻC ]Ɋ& 5!XCʻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?9**0˻C ]Ɋ& !C˻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=025934b2-b332-4b6c-8b33-82c20125030a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=320**@̻D ]Ɋ& !D̻ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa9992ee-b4b4-4dd6-a6e1-1b407d23b0fe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=025934b2-b332-4b6c-8b33-82c20125030a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**ͻ= ]Ɋ& )!X=ͻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **λ= ]Ɋ& A!X=λ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**ϻ= ]Ɋ& =!X=ϻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**л= ]Ɋ& 5!X=л F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=82**ѻ= ]Ɋ& 5!X=ѻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**һ= ]Ɋ& 7!X=һ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0ӻ ]Ɋ& !ӻ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c2f00ae-3336-439a-80c1-b13acce39d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ԻHn ]Ɋ& !HnԻ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bb8bdb8e-3300-48de-b0b3-9941a63d2160 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2c2f00ae-3336-439a-80c1-b13acce39d19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xջ ]Ɋ& !Xջ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pֻ ]Ɋ& !Xֻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h׻ ]Ɋ& !X׻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ػ ]Ɋ& !Xػ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`ٻ ]Ɋ& !Xٻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**hڻ ]Ɋ& !Xڻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**ۻ ]Ɋ&  !ۻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2434fe2d-7ce0-4bdd-816a-e52cea798745 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**ܻ ]Ɋ& !ܻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7927fcab-1969-4771-9744-5639a46a412a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2434fe2d-7ce0-4bdd-816a-e52cea798745 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8ݻ ]Ɋ& !Xݻ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P޻ ]Ɋ& !X޻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P߻ ]Ɋ& !X߻ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ca43c8f-644a-4ba1-b98f-e1b6e1d24faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=223b2213-1e49-4b37-9e8a-3ff48db191ed HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2ca43c8f-644a-4ba1-b98f-e1b6e1d24faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xu ]Ɋ& !Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pu ]Ɋ& !Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hu ]Ɋ& !Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`u ]Ɋ& !Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc`**`u ]Ɋ& !Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`u ]Ɋ& !Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27c20189-bfb4-41ce-86bf-e6b01df0e385 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**u ]Ɋ& !u F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=694f9b6b-01ba-4938-97b2-115fedfb8e52 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=27c20189-bfb4-41ce-86bf-e6b01df0e385 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==96**(u ]Ɋ& !Xu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@u ]Ɋ& !Xu F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@u ]Ɋ& !Xu F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8u ]Ɋ& !Xu F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8u ]Ɋ& !Xu F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8u ]Ɋ& !Xu F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**u ]Ɋ& !u F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf52e82c-6587-448b-8fe2-bc5bfee74121 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19c0a15e-b75e-4df9-b0a1-565f43606044 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bf52e82c-6587-448b-8fe2-bc5bfee74121 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X8i ]Ɋ& !X8i F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p8i ]Ɋ& !X8i F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p8i ]Ɋ& !X8i F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h8i ]Ɋ& !X8i F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h8i ]Ɋ& !X8i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h8i ]Ɋ& !X8i F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !8i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk--8kK/#IMu=VysMc&&** 8i ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !8i F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba586f13-3af2-4a49-a891-527ecb7435e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**e ]Ɋ& ?!Xe F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**e ]Ɋ& ;!Xe F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**e ]Ɋ& 3!Xe F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**e ]Ɋ& 3!Xe F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **e ]Ɋ& 5!Xe F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0e ]Ɋ& !e F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5e01baaf-b694-43a0-8aee-00057b567bea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0a0**@2 ]Ɋ& !2 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa63837-388f-4c82-a00f-0b5810de66c3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5e01baaf-b694-43a0-8aee-00057b567bea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**I ]Ɋ& )!XI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I ]Ɋ& A!XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**I ]Ɋ& =!XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **I ]Ɋ& 5!XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr** I ]Ɋ& 5!XI  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl** I ]Ɋ& 7!XI  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0 I ]Ɋ& !I  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d10c85e5-714b-452a-8af5-144537477099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@ 5I ]Ɋ& !5I  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7f6c0c8-c4de-4209-995e-3b7c313dbcb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d10c85e5-714b-452a-8af5-144537477099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X I ]Ɋ& !XI  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pI ]Ɋ& !XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hI ]Ɋ& !XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`I ]Ɋ& !XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`I ]Ɋ& !XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hI ]Ɋ& !XI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**I ]Ɋ&  !I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ce62eb30-fe9d-4883-a8cf-3ca4c85cf751 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=13-1**I ]Ɋ& !I F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=97333f11-e205-4a17-bddc-88d5feda53fc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ce62eb30-fe9d-4883-a8cf-3ca4c85cf751 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8I ]Ɋ& !XI F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b8**PI ]Ɋ& !XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PI ]Ɋ& !XI F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**HI ]Ɋ& !XI F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HI ]Ɋ& !XI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HI ]Ɋ& !XI F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**I ]Ɋ& !I F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8731994-38f2-495d-b88d-f7c2e9df2b1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**bI ]Ɋ& !bI F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=349fad95-a640-4d68-89d8-ea2dd536f0a5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e8731994-38f2-495d-b88d-f7c2e9df2b1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**XbI ]Ɋ& !XbI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pbI ]Ɋ& !XbI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hbI ]Ɋ& !XbI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**` bI ]Ɋ& !XbI  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`!bI ]Ɋ& !XbI! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`"bI ]Ɋ& !XbI" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**#bI ]Ɋ& !bI# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ee17f82-58e3-4f8c-8d8b-e3c16d8a1016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**$bI ]Ɋ& !bI$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06c29232-44a6-4c9a-8b39-3d7483ee4f4f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ee17f82-58e3-4f8c-8d8b-e3c16d8a1016 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(%bI ]Ɋ& !XbI% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@&bI ]Ɋ& !XbI& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@'bI ]Ɋ& !XbI' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8(bI ]Ɋ& !XbI( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8)bI ]Ɋ& !XbI) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8*bI ]Ɋ& !XbI* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+bI ]Ɋ& !bI+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3b28582d-98ee-46d0-a4f3-21e0676bdda7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**,I ]Ɋ& !I, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42a77c61-5974-40fc-a45c-b0cbdd21df95 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3b28582d-98ee-46d0-a4f3-21e0676bdda7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X-I ]Ɋ& !XI- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XI. F&aceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk._._0#S:Mu=VysMc&&**x .I ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!XI. F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p/I ]Ɋ& !XI/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h0I ]Ɋ& !XI0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h1I ]Ɋ& !XI1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h2I ]Ɋ& !XI2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**3I ]Ɋ&  !I3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9bf89c4-c40c-4afb-8a71-6415238cdeea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**4RI ]Ɋ& !RI4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3a4a56f-5e15-43c1-b8a5-49c0766f8660 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9bf89c4-c40c-4afb-8a71-6415238cdeea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**5RI ]Ɋ& '!XRI5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**6RI ]Ɋ& ?!XRI6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**7RI ]Ɋ& ;!XRI7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b7c**8RI ]Ɋ& 3!XRI8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**9RI ]Ɋ& 3!XRI9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c31**:RI ]Ɋ& 5!XRI: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;RI ]Ɋ& !RI; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b555b05b-2e29-494e-9f94-d1e7f5aa2db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@<I ]Ɋ& !I< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5a8015c-208e-4884-acbb-056e6a09050d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b555b05b-2e29-494e-9f94-d1e7f5aa2db3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**=E  ]Ɋ& )!XE = F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **>E  ]Ɋ& A!XE > F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**?E  ]Ɋ& =!XE ? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**@E  ]Ɋ& 5!XE @ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**AE  ]Ɋ& 5!XE A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**BE  ]Ɋ& 7!XE B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0Cۤ ]Ɋ& !ۤC F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9937052e-5ea4-4527-b48f-2b7bc7229563 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Dr= ]Ɋ& !r=D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce78a4f4-7dc5-4fd7-be0e-af24e4c61805 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9937052e-5ea4-4527-b48f-2b7bc7229563 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XE ]Ɋ& !XE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pF ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hG ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`H ]Ɋ& !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`I ]Ɋ& !XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hJ ]Ɋ& !XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**K ]Ɋ&  !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12827eb0-cf0f-4278-9af1-91d798e268ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f8d4531-a3e1-4abe-a012-69fa73b02b95 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12827eb0-cf0f-4278-9af1-91d798e268ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8M ]Ɋ& !XM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PO ]Ɋ& !XO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HP ]Ɋ& !XP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HQ ]Ɋ& !XQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HR ]Ɋ& !XR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b7667f7-130f-4691-9c75-a0d5aa344f74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b67110b2-2c90-41c2-a96a-55c13251f29c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b7667f7-130f-4691-9c75-a0d5aa344f74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XUn ]Ɋ& !XnU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pVn ]Ɋ& !XnV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hWn ]Ɋ& !XnW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`Xn ]Ɋ& !XnX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`Yn ]Ɋ& !XnY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`Zn ]Ɋ& !XnZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**[n ]Ɋ& !n[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=254f8104-b0c6-432e-a6fc-c705ac39247d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**\n ]Ɋ& !n\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2d90b1-2a4d-4a72-b253-6e87c856047d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=254f8104-b0c6-432e-a6fc-c705ac39247d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(]n ]Ɋ& !Xn] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@^n ]Ɋ& !Xn^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@_n ]Ɋ& !Xn_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndXn` F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XI. F&aceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk``p q[זMu=VysMc&&**8 `n ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xn` F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8an ]Ɋ& !Xna F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8bn ]Ɋ& !Xnb F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**cn ]Ɋ& !nc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=447cd02e-1170-49b2-a1aa-609afe077527 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3**d̟ ]Ɋ& !̟d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2cbf2f2-eaff-4a23-b00e-40522495b81f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=447cd02e-1170-49b2-a1aa-609afe077527 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xeb8  ]Ɋ& !Xb8 e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pfb8  ]Ɋ& !Xb8 f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pgb8  ]Ɋ& !Xb8 g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hhb8  ]Ɋ& !Xb8 h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hib8  ]Ɋ& !Xb8 i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hjb8  ]Ɋ& !Xb8 j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-h**k  ]Ɋ&  ! k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4412ccdd-07a2-48bc-842f-345c6c138b50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**li  ]Ɋ& !i l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f23a3605-97b5-4bd7-b2a5-55ed2289ca4a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4412ccdd-07a2-48bc-842f-345c6c138b50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**mi  ]Ɋ& '!Xi m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**ni  ]Ɋ& ?!Xi n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**oi  ]Ɋ& ;!Xi o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**pi  ]Ɋ& 3!Xi p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **qi  ]Ɋ& 3!Xi q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**ri  ]Ɋ& 5!Xi r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0si  ]Ɋ& !i s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a87e733-14cb-48f1-9e9f-584abccd5d2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@t&  ]Ɋ& !& t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38e4b465-a084-4f0a-9eae-19f8c544b32a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a87e733-14cb-48f1-9e9f-584abccd5d2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**ug ]Ɋ& )!Xgu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**vg ]Ɋ& A!Xgv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**wg ]Ɋ& =!Xgw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**xg ]Ɋ& 5!Xgx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**yg ]Ɋ& 5!Xgy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**zg ]Ɋ& 7!Xgz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0{g ]Ɋ& !g{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe0096ce-f056-48c2-a6cf-0a6a84f0ac96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@| ]Ɋ& !| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06cbf87a-a9c5-4486-8905-035ac776162d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe0096ce-f056-48c2-a6cf-0a6a84f0ac96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1-@**X}+ ]Ɋ& !X+} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p~+ ]Ɋ& !X+~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0h**`+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2`**`+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2`**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=488dcd87-0cef-489b-ac6f-fe58b1d89f94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5b5c259-3847-4f2d-a684-b8d217379579 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=488dcd87-0cef-489b-ac6f-fe58b1d89f94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8b ]Ɋ& !Xb F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**Pb ]Ɋ& !Xb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**Pb ]Ɋ& !Xb F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**Hb ]Ɋ& !Xb F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5604H**Hb ]Ɋ& !Xb F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-b25H**Hb ]Ɋ& !Xb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1-H**b ]Ɋ& !b F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c38f8323-71bd-4c05-9c43-691c7cc7272a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47d**b ]Ɋ& !b F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f105f671-2605-4249-86ee-ba44d7970900 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c38f8323-71bd-4c05-9c43-691c7cc7272a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX F&wid@ 65535 Eng ]Ɋ& ndXn` F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53XI. F&aceId=89e92d1a-0928-4560-9cff-ebe3e0437858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@N;y3HMu=VysMc&&**h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dcbdbd2-a15b-4ac4-a3f6-b25f6d4fa894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bb5b67e-2a59-4734-a3dd-0e658a3b6634 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dcbdbd2-a15b-4ac4-a3f6-b25f6d4fa894 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4b5c879f-0d6f-4dba-9174-7b4d56a6a267 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1fab8ec8-d13b-45d4-9cd4-c471a30d4e34 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4b5c879f-0d6f-4dba-9174-7b4d56a6a267 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**XH ]Ɋ& !XH F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**pH ]Ɋ& !XH F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**pH ]Ɋ& !XH F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**hH ]Ɋ& !XH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hH ]Ɋ& !XH F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hH ]Ɋ& !XH F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**H ]Ɋ&  !H F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eff1aaab-e6ed-4237-b485-3696a7fd5982 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**] ]Ɋ& !] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67f01257-65cf-483d-bb4b-f2b1266d147a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eff1aaab-e6ed-4237-b485-3696a7fd5982 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**u ]Ɋ& '!Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**u ]Ɋ& ?!Xu F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**u ]Ɋ& ;!Xu F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**u ]Ɋ& 3!Xu F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==06**u ]Ɋ& 3!Xu F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**u ]Ɋ& 5!Xu F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=48**0u ]Ɋ& !u F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d106c2b6-9a32-44b4-b02f-eda95059022e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@  ]Ɋ& !  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fd31e5ae-f0e8-4d8b-b368-cf1c4a151555 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d106c2b6-9a32-44b4-b02f-eda95059022e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**6 ]Ɋ& )!X6 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**6 ]Ɋ& A!X6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **6 ]Ɋ& =!X6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6 ]Ɋ& 5!X6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6 ]Ɋ& 5!X6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **6 ]Ɋ& 7!X6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**06 ]Ɋ& !6 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6f69a6-d62f-4497-96ef-4b834e8ed750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@97 ]Ɋ& !97 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ffd49ef0-cb90-4be8-b162-47235bb13929 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b6f69a6-d62f-4497-96ef-4b834e8ed750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X97 ]Ɋ& !X97 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p97 ]Ɋ& !X97 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h97 ]Ɋ& !X97 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`97 ]Ɋ& !X97 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`97 ]Ɋ& !X97 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h97 ]Ɋ& !X97 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**x7 ]Ɋ&  !x7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73d68b57-0eed-4ab4-924b-63198b963492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**x7 ]Ɋ& !x7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a8b3116f-0a06-45c8-989b-1541bcf1f5e7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73d68b57-0eed-4ab4-924b-63198b963492 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8x7 ]Ɋ& !Xx7 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Px7 ]Ɋ& !Xx7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Px7 ]Ɋ& !Xx7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hx7 ]Ɋ& !Xx7 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hx7 ]Ɋ& !Xx7 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4378H PipelineI ]Ɋ&  Xx7¼ F&ElfChnk¼¼hW2KA!Mu=VysMc&&**H¼x7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!Xx7¼ F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**üx7 ]Ɋ& !x7ü F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af296cb4-c7fd-4931-9a9a-58c9b37a720f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ļx7 ]Ɋ& !x7ļ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ae54cea-efda-43bc-aaa9-ff809b6c367c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af296cb4-c7fd-4931-9a9a-58c9b37a720f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xżk8 ]Ɋ& !Xk8ż F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pƼk8 ]Ɋ& !Xk8Ƽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hǼk8 ]Ɋ& !Xk8Ǽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`ȼk8 ]Ɋ& !Xk8ȼ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`ɼk8 ]Ɋ& !Xk8ɼ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`ʼk8 ]Ɋ& !Xk8ʼ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**˼k8 ]Ɋ& !k8˼ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f27ed043-2d45-46c0-9f64-1382d682c719 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**̼k8 ]Ɋ& !k8̼ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=899e6a33-6f37-4d85-a6c7-50d41be55e5a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f27ed043-2d45-46c0-9f64-1382d682c719 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(ͼk8 ]Ɋ& !Xk8ͼ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@μk8 ]Ɋ& !Xk8μ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@ϼk8 ]Ɋ& !Xk8ϼ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8мk8 ]Ɋ& !Xk8м F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8Ѽk8 ]Ɋ& !Xk8Ѽ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==678**8Ҽk8 ]Ɋ& !Xk8Ҽ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**Ӽk8 ]Ɋ& !k8Ӽ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dc40345a-0e74-4e50-9920-7219d99a46c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**Լh: ]Ɋ& !h:Լ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2fd5962-60fb-4d36-b872-e4221f5a0dea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dc40345a-0e74-4e50-9920-7219d99a46c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xռ; ]Ɋ& !X;ռ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pּ; ]Ɋ& !X;ּ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p׼; ]Ɋ& !X;׼ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hؼ; ]Ɋ& !X;ؼ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hټ; ]Ɋ& !X;ټ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hڼ; ]Ɋ& !X;ڼ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**ۼ; ]Ɋ&  !;ۼ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48794eed-66df-42ee-8c79-ef19d94387d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ܼ,< ]Ɋ& !,<ܼ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77bad5ac-29b0-4f14-abf1-3d072ed0ee78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48794eed-66df-42ee-8c79-ef19d94387d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **ݼ,< ]Ɋ& '!X,<ݼ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**޼,< ]Ɋ& ?!X,<޼ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**߼,< ]Ɋ& ;!X,<߼ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**,< ]Ɋ& 3!X,< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**,< ]Ɋ& 3!X,< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**,< ]Ɋ& 5!X,< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0,< ]Ɋ& !,< F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=540dc286-b033-4f5c-9159-b3c8f4c2bbfa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@Y= ]Ɋ& !Y= F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfe030d0-3169-4516-aec5-5a9a76f59b77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=540dc286-b033-4f5c-9159-b3c8f4c2bbfa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**nrE ]Ɋ& )!XnrE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**nrE ]Ɋ& A!XnrE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**nrE ]Ɋ& =!XnrE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **nrE ]Ɋ& 5!XnrE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **nrE ]Ɋ& 5!XnrE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**nrE ]Ɋ& 7!XnrE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0nrE ]Ɋ& !nrE F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd602c5f-5069-448e-aca5-50b97a86401e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@E ]Ɋ& !E F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4ec5aaf-4d07-4d10-b91e-45bf0f9d64ba HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd602c5f-5069-448e-aca5-50b97a86401e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XE ]Ɋ& !XE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pE ]Ɋ& !XE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hE ]Ɋ& !XE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`E ]Ɋ& !XE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`E ]Ɋ& !XE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hE ]Ɋ& !XE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& Xx7¼EElfChnk##BUMu=VysMc&&**E ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !E F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d42c035-78cb-4d7c-bba6-04d97ca1de09 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e6e7910d-fa25-4580-8389-4fe4e05afb63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**29{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=74928649-f3a1-4b9d-9be3-c72e81bb95a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a72a9fd-fb2d-4100-b8cf-c511ccd3ef8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X%8!x ]Ɋ& !X8!x% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=580X**p&8!x ]Ɋ& !X8!x& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**h'8!x ]Ɋ& !X8!x' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`(8!x ]Ɋ& !X8!x( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`)8!x ]Ɋ& !X8!x) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h*8!x ]Ɋ& !X8!x* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**+8!x ]Ɋ&  !8!x+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e95c65a-b118-4292-aca1-f064028692fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**,8!x ]Ɋ& !8!x, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=09d10f2f-71cc-40e8-8826-bb64259a59f7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e95c65a-b118-4292-aca1-f064028692fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8-D"x ]Ɋ& !XD"x- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**P.D"x ]Ɋ& !XD"x. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P/D"x ]Ɋ& !XD"x/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**H0D"x ]Ɋ& !XD"x0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**H1D"x ]Ɋ& !XD"x1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**H2D"x ]Ɋ& !XD"x2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**3D"x ]Ɋ& !D"x3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b47e2df2-8c3d-4212-a745-491e8ddf5436 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**4D"x ]Ɋ& !D"x4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=49489b6e-76de-4b9f-bd33-176677844246 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b47e2df2-8c3d-4212-a745-491e8ddf5436 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X5D"x ]Ɋ& !XD"x5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-e65X**p6D"x ]Ɋ& !XD"x6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h7D"x ]Ɋ& !XD"x7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`8D"x ]Ɋ& !XD"x8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2-`**`9D"x ]Ɋ& !XD"x9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`:D"x ]Ɋ& !XD"x: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;D"x ]Ɋ& !D"x; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c5446b-fdd6-4b64-af28-d0b606a41486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**<D"x ]Ɋ& !D"x< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8898114c-46de-4a07-9cc9-8c5bf850dfc0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c5446b-fdd6-4b64-af28-d0b606a41486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(=e"x ]Ɋ& !Xe"x= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@>e"x ]Ɋ& !Xe"x> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@?e"x ]Ɋ& !Xe"x? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8@e"x ]Ɋ& !Xe"x@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8Ae"x ]Ɋ& !Xe"xA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8Be"x ]Ɋ& !Xe"xB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Ce"x ]Ɋ& !e"xC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8fe0f27e-8a7d-4ddc-b63e-c0f3956914ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Du#x ]Ɋ& !u#xD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4db6fbfb-4e93-47df-9362-e75d907dc00e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8fe0f27e-8a7d-4ddc-b63e-c0f3956914ef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**XE$x ]Ɋ& !X$xE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pF$x ]Ɋ& !X$xF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pG$x ]Ɋ& !X$xG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hH$x ]Ɋ& !X$xH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hI$x ]Ɋ& !X$xI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hJ$x ]Ɋ& !X$xJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**K($x ]Ɋ&  !($xK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a251ff0-d240-46ef-91fe-fc29d1a019f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L?%x ]Ɋ& !?%xL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3e0634a7-88a9-4779-9f6d-33520a20c582 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a251ff0-d240-46ef-91fe-fc29d1a019f4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**M?%x ]Ɋ& '!X?%xM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**N?%x ]Ɋ& ?!X?%xN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O?%x ]Ɋ& ;!X?%xO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P?%x ]Ɋ& 3!X?%xP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**Q?%x ]Ɋ& 3!X?%xQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R?%x ]Ɋ& 5!X?%xR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0S?%x ]Ɋ& !?%xS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2fc672ce-a329-4a9b-a373-e8037dcaf57f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& osU%xT F&on=4.0 HostId=74928649-f3a1-4b9d-9be3-c72e81bb95a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a72a9fd-fb2d-4100-b8cf-c511ccd3ef8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xx7¼EElfChnkTTB)WcMu=VysMc&&**@ TU%x ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!U%xT F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a88b192b-d262-4ae8-b25c-03ca27b978c7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2fc672ce-a329-4a9b-a373-e8037dcaf57f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **U|D ]Ɋ& )!X|DU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **V|D ]Ɋ& A!X|DV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**W|D ]Ɋ& =!X|DW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X|D ]Ɋ& 5!X|DX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Y|D ]Ɋ& 5!X|DY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**Z|D ]Ɋ& 7!X|DZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0[|D ]Ɋ& !|D[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b561657-e5eb-44eb-810d-66e0beffe067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@\D ]Ɋ& !D\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=546297c1-a4b5-4998-b9e8-b8512cda1da9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b561657-e5eb-44eb-810d-66e0beffe067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X]D ]Ɋ& !XD] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p^D ]Ɋ& !XD^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h_D ]Ɋ& !XD_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**``D ]Ɋ& !XD` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`aD ]Ɋ& !XDa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hbD ]Ɋ& !XDb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**cD ]Ɋ&  !Dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9af87c5a-3b08-4623-8055-cc3d8bfac328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **dD ]Ɋ& !Dd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2eca2903-fd34-409a-98e4-440f9d41d7ca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9af87c5a-3b08-4623-8055-cc3d8bfac328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8e6E ]Ɋ& !X6Ee F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**Pf6E ]Ɋ& !X6Ef F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**Pg6E ]Ɋ& !X6Eg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**Hh6E ]Ɋ& !X6Eh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**Hi6E ]Ɋ& !X6Ei F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**Hj6E ]Ɋ& !X6Ej F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**k6E ]Ɋ& !6Ek F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67f6a78f-317f-4ebb-bd6c-4bb6529c9bea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**l6E ]Ɋ& !6El F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc5fa2fd-a40d-4c59-9cea-fdd805e042df HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67f6a78f-317f-4ebb-bd6c-4bb6529c9bea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Xm6E ]Ɋ& !X6Em F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pn6E ]Ɋ& !X6En F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**ho6E ]Ɋ& !X6Eo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`p6E ]Ɋ& !X6Ep F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`q6E ]Ɋ& !X6Eq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`r6E ]Ɋ& !X6Er F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**s6E ]Ɋ& !6Es F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fb92419-ee48-44a1-b08a-7d5a3b36abd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**t6E ]Ɋ& !6Et F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa72564-7123-4be0-bfaa-2834a5cbba0f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fb92419-ee48-44a1-b08a-7d5a3b36abd5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(u6E ]Ɋ& !X6Eu F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@v6E ]Ɋ& !X6Ev F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@w6E ]Ɋ& !X6Ew F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F@**8x6E ]Ɋ& !X6Ex F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8y6E ]Ɋ& !X6Ey F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8z6E ]Ɋ& !X6Ez F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**{6E ]Ɋ& !6E{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34d1640b-bd50-4fdd-a82f-60bd995146f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**|gF ]Ɋ& !gF| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4e6091b-6255-40a4-95b5-86d2fc94e365 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34d1640b-bd50-4fdd-a82f-60bd995146f9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X}lG ]Ɋ& !XlG} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p~lG ]Ɋ& !XlG~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**plG ]Ɋ& !XlG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hlG ]Ɋ& !XlG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hlG ]Ɋ& !XlG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a27h**hlG ]Ɋ& !XlG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**lG ]Ɋ&  !lG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b3fe25b-4b8e-423d-851b-3d1ba3d8c0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**G ]Ɋ& !G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f704cd32-3e64-452b-bea3-a7328a258924 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6b3fe25b-4b8e-423d-851b-3d1ba3d8c0f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**G ]Ɋ& '!XG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOXG F&=4.0 RunspaceId=2fc672ce-a329-4a9b-a373-e8037dcaf57f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& osU%xT F&on=4.0 HostId=74928649-f3a1-4b9d-9be3-c72e81bb95a5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4a72a9fd-fb2d-4100-b8cf-c511ccd3ef8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xx7¼EElfChnk0zCc/Mu=VysMc&&** G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XG F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **G ]Ɋ& ;!XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**G ]Ɋ& 3!XG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**G ]Ɋ& 3!XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**G ]Ɋ& 5!XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0G ]Ɋ& !G F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c0c57603-0a9b-4ed0-a5d0-f4e56d2f2cf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@0H ]Ɋ& !0H F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c29c9bc-a7a2-4345-8f2e-38918234cf77 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c0c57603-0a9b-4ed0-a5d0-f4e56d2f2cf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**3x ]Ɋ& )!X3x F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**3x ]Ɋ& A!X3x F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**3x ]Ɋ& =!X3x F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**3x ]Ɋ& 5!X3x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=29**3x ]Ɋ& 5!X3x F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**3x ]Ɋ& 7!X3x F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**03x ]Ɋ& !3x F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6714b628-8a00-4c92-8b0a-fb8f3268f55e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@y ]Ɋ& !y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ae44793-bd0a-4264-bd79-d146b6c64e9a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6714b628-8a00-4c92-8b0a-fb8f3268f55e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**Xy ]Ɋ& !Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**py ]Ɋ& !Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6Ep**hy ]Ɋ& !Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`y ]Ɋ& !Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`y ]Ɋ& !Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hy ]Ɋ& !Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**y ]Ɋ&  !y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34368dc6-6534-4abd-9d68-4cf7f788751f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**y ]Ɋ& !y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fdea39f7-a2be-4c7c-95eb-47f785cfb7af HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34368dc6-6534-4abd-9d68-4cf7f788751f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8`y ]Ɋ& !X`y F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n8**P`y ]Ɋ& !X`y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P`y ]Ɋ& !X`y F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H`y ]Ɋ& !X`y F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H`y ]Ɋ& !X`y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H`y ]Ɋ& !X`y F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**`y ]Ɋ& !`y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7c91633-c56c-4fcc-97f0-c9c3f8d9d5a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****`y ]Ɋ& !`y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9729bb88-1ef6-4627-aeea-59e97236b68f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7c91633-c56c-4fcc-97f0-c9c3f8d9d5a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XKz ]Ɋ& !XKz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pKz ]Ɋ& !XKz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hKz ]Ɋ& !XKz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`Kz ]Ɋ& !XKz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`Kz ]Ɋ& !XKz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`Kz ]Ɋ& !XKz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Kz ]Ɋ& !Kz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffc434b0-36bb-42cf-9b13-21c0aa6c7ffe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**Kz ]Ɋ& !Kz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=345a3d2d-099a-4394-9f95-207efc5f9dcb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffc434b0-36bb-42cf-9b13-21c0aa6c7ffe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(Kz ]Ɋ& !XKz F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@Kz ]Ɋ& !XKz F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@Kz ]Ɋ& !XKz F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8Kz ]Ɋ& !XKz F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8Kz ]Ɋ& !XKz F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lG8**8Kz ]Ɋ& !XKz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Kz ]Ɋ& !Kz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2884a27c-98be-4276-81b8-2482300e471e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**z ]Ɋ& !z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=995d008f-1dfd-407f-aa3a-4308d6191fe2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2884a27c-98be-4276-81b8-2482300e471e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X| ]Ɋ& !X| F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p| ]Ɋ& !X| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p| ]Ɋ& !X| F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h| ]Ɋ& !X| F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X| F&cd3ef8e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xx7¼EElfChnk[䯜Mu=VysMc&&**h | ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X| F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h| ]Ɋ& !X| F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**| ]Ɋ&  !| F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3d6254c-a057-4f6b-9702-6ce14c4d49e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**Q| ]Ɋ& !Q| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=98ab9654-8df7-4503-9d3b-86e8ea0ea983 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a3d6254c-a057-4f6b-9702-6ce14c4d49e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**Q| ]Ɋ& '!XQ| F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**Q| ]Ɋ& ?!XQ| F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**Q| ]Ɋ& ;!XQ| F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=146**Q| ]Ɋ& 3!XQ| F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q| ]Ɋ& 3!XQ| F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6b6**½Q| ]Ɋ& 5!XQ|½ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0ýQ| ]Ɋ& !Q|ý F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=943101de-a52e-4ce4-898f-d687a047aaaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@Ľ~} ]Ɋ& !~}Ľ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b62759fe-9262-41af-a3e4-5101c9b77e25 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=943101de-a52e-4ce4-898f-d687a047aaaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Ž"*/ ]Ɋ& )!X"*/Ž F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **ƽ"*/ ]Ɋ& A!X"*/ƽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**ǽ"*/ ]Ɋ& =!X"*/ǽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**Ƚ"*/ ]Ɋ& 5!X"*/Ƚ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**ɽ"*/ ]Ɋ& 5!X"*/ɽ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**ʽ"*/ ]Ɋ& 7!X"*/ʽ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0˽"*/ ]Ɋ& !"*/˽ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9fc373e4-d376-4a4b-9060-592267f44144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@̽/ ]Ɋ& !/̽ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5b1fc0c-308a-46eb-aeb1-a66cf7a3cc15 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9fc373e4-d376-4a4b-9060-592267f44144 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**Xͽ/ ]Ɋ& !X/ͽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pν/ ]Ɋ& !X/ν F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hϽ/ ]Ɋ& !X/Ͻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`н/ ]Ɋ& !X/н F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`ѽ/ ]Ɋ& !X/ѽ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hҽ/ ]Ɋ& !X/ҽ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**ӽ/ ]Ɋ&  !/ӽ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39a7dd89-40a3-4c8c-8f27-58afe6ef9c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**ԽO[0 ]Ɋ& !O[0Խ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=422293a0-02d5-497d-bc6c-1be3a2ee8b2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=39a7dd89-40a3-4c8c-8f27-58afe6ef9c94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8սO[0 ]Ɋ& !XO[0ս F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PֽO[0 ]Ɋ& !XO[0ֽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P׽O[0 ]Ɋ& !XO[0׽ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HؽO[0 ]Ɋ& !XO[0ؽ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HٽO[0 ]Ɋ& !XO[0ٽ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HڽO[0 ]Ɋ& !XO[0ڽ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**۽O[0 ]Ɋ& !O[0۽ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a222a4-12e6-4a41-97f4-98000acc2001 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**ܽO[0 ]Ɋ& !O[0ܽ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20916078-cfd7-4a27-a516-7eda8025ef02 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=22a222a4-12e6-4a41-97f4-98000acc2001 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XݽO[0 ]Ɋ& !XO[0ݽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p޽O[0 ]Ɋ& !XO[0޽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h߽O[0 ]Ɋ& !XO[0߽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`O[0 ]Ɋ& !XO[0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`O[0 ]Ɋ& !XO[0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`O[0 ]Ɋ& !XO[0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**O[0 ]Ɋ& !O[0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a81ec3d-5b35-4758-8bda-217a237dc8cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**O[0 ]Ɋ& !O[0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=934d6ddc-64c8-4657-85b0-22a5ef62535e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a81ec3d-5b35-4758-8bda-217a237dc8cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(0 ]Ɋ& !X0 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@0 ]Ɋ& !X0 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@0 ]Ɋ& !X0 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**80 ]Ɋ& !X0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**80 ]Ɋ& !X0 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**80 ]Ɋ& !X0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**0 ]Ɋ& !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bd60fe94-01ec-46c3-bc38-57b7dc4f6aca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  |1 F&x7¼EElfChnkp% ;?Mu=VysMc&&** |1 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!|1 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=022816ed-0f38-4ea0-9fe3-636b39a088a6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bd60fe94-01ec-46c3-bc38-57b7dc4f6aca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X2 ]Ɋ& !X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p2 ]Ɋ& !X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p2 ]Ɋ& !X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h2 ]Ɋ& !X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h2 ]Ɋ& !X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h2 ]Ɋ& !X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Q|h**2 ]Ɋ&  !2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5fe2424-0e86-4fff-96f6-615638c9352b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**2 ]Ɋ& !2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8325c3f0-0118-4c2c-bc64-1ec04cca580b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5fe2424-0e86-4fff-96f6-615638c9352b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**?V3 ]Ɋ& '!X?V3 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**?V3 ]Ɋ& ?!X?V3 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**?V3 ]Ɋ& ;!X?V3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**?V3 ]Ɋ& 3!X?V3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**?V3 ]Ɋ& 3!X?V3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**?V3 ]Ɋ& 5!X?V3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0?V3 ]Ɋ& !?V3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01fa518d-f676-4b5a-ac0a-e7492cd1f8ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@3 ]Ɋ& !3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c76c92a-40b5-4164-819a-f1bd08c2e4a0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01fa518d-f676-4b5a-ac0a-e7492cd1f8ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**b ]Ɋ& )!Xb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**b ]Ɋ& A!Xb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**b ]Ɋ& =!Xb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**b ]Ɋ& 5!Xb F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**b ]Ɋ& 5!Xb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**b ]Ɋ& 7!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0b ]Ɋ& !b F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65d6a5d9-80a8-4510-ae37-3f09eb501cfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@> ]Ɋ& !> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5a7928a4-5aaa-43a5-b39f-e65ae408b0df HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=65d6a5d9-80a8-4510-ae37-3f09eb501cfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=066ae9f7-810f-4e06-bd7e-fdd505d40c0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8933027c-6636-44cb-b364-afbcc6fbfb94 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=066ae9f7-810f-4e06-bd7e-fdd505d40c0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2fd4bd75-3132-4927-a925-c6fe5c405b83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ae62fc7-affc-4e43-909f-c56bfdac4430 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2fd4bd75-3132-4927-a925-c6fe5c405b83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%p ]Ɋ& !X%p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p%p ]Ɋ& !X%p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h%p ]Ɋ& !X%p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**`%p ]Ɋ& !X%p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`%p ]Ɋ& !X%p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`%p ]Ɋ& !X%p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**%p ]Ɋ& !%p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48287af3-0cca-4905-b55c-edc80ef421cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**%p ]Ɋ& !%p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f946544-061c-49d6-81e0-61a366948b9e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48287af3-0cca-4905-b55c-edc80ef421cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(%p ]Ɋ& !X%p F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X%p F&  |1 F&x7¼EElfChnkNN0(Mu=VysMc&&**H %p ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X%p F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@%p ]Ɋ& !X%p F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8 %p ]Ɋ& !X%p  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8!%p ]Ɋ& !X%p! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8"%p ]Ɋ& !X%p" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**#%p ]Ɋ& !%p# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6867d590-f6ea-47a7-8589-94ddd4a58e60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e21a7e72-992a-497f-815a-dcee19803883 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6867d590-f6ea-47a7-8589-94ddd4a58e60 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**X% ]Ɋ& !X% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p' ]Ɋ& !X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5fep**h( ]Ɋ& !X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h) ]Ɋ& !X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=?V3h**h* ]Ɋ& !X* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fb29d72-03fc-4802-b964-f4e63352abfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**,k ]Ɋ& !k, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e8cb477d-df0b-437d-b7dd-cc15af1689ac HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fb29d72-03fc-4802-b964-f4e63352abfb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**-k ]Ɋ& '!Xk- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**.k ]Ɋ& ?!Xk. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**/k ]Ɋ& ;!Xk/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**0k ]Ɋ& 3!Xk0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**1k ]Ɋ& 3!Xk1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**2k ]Ɋ& 5!Xk2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **03k ]Ɋ& !k3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b96737f7-91e5-4f79-8abf-bda6d581bcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=df0**@4  ]Ɋ& ! 4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b5919928-b99b-4475-bc92-99f1c41dd78a HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b96737f7-91e5-4f79-8abf-bda6d581bcc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**5  ]Ɋ& )!X 5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**6  ]Ɋ& A!X 6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**7  ]Ɋ& =!X 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**8  ]Ɋ& 5!X 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**9  ]Ɋ& 5!X 9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**:  ]Ɋ& 7!X : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0;2?  ]Ɋ& !2? ; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1334662-3dd8-4c0e-86b3-85b9e6b13e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@<  ]Ɋ& ! < F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f94c9a64-9803-4de9-ad89-af28aba0f07d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e1334662-3dd8-4c0e-86b3-85b9e6b13e3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X=_p  ]Ɋ& !X_p = F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p>_p  ]Ɋ& !X_p > F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?_p  ]Ɋ& !X_p ? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`@_p  ]Ɋ& !X_p @ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`A_p  ]Ɋ& !X_p A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hB_p  ]Ɋ& !X_p B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**C_p  ]Ɋ&  !_p C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66e59525-9f52-4b4f-933e-d641618fa17e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**D_p  ]Ɋ& !_p D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1eefcc89-71d8-44f4-85f7-05a49c8ad8c9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=66e59525-9f52-4b4f-933e-d641618fa17e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8E_p  ]Ɋ& !X_p E F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**PF_p  ]Ɋ& !X_p F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**PG_p  ]Ɋ& !X_p G F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**HH_p  ]Ɋ& !X_p H F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HI_p  ]Ɋ& !X_p I F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HJ_p  ]Ɋ& !X_p J F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=%H**K_p  ]Ɋ& !_p K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=19a0c360-d6e8-4b1b-bb18-3df59b1e536e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**L  ]Ɋ& ! L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30a8cfb3-7f61-4db8-8207-dcc3c1650283 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=19a0c360-d6e8-4b1b-bb18-3df59b1e536e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XM  ]Ɋ& !X M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pN  ]Ɋ& !X N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = X O F&  X%p F&  |1 F&x7¼EElfChnkOO(x(krMu=VysMc&&**pO  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X O F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`P  ]Ɋ& !X P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`Q  ]Ɋ& !X Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`R  ]Ɋ& !X R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**S  ]Ɋ& ! S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7e33165-c9d3-4104-bb62-a4966f602fe2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**T  ]Ɋ& ! T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94291a13-f111-49ae-9d1b-0cc2d782e609 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7e33165-c9d3-4104-bb62-a4966f602fe2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(U  ]Ɋ& !X U F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@V  ]Ɋ& !X V F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@W  ]Ɋ& !X W F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8X  ]Ɋ& !X X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8Y  ]Ɋ& !X Y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8Z  ]Ɋ& !X Z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**[  ]Ɋ& ! [ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b705bb2d-c238-43e2-ad26-44b258dd5410 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **\#:  ]Ɋ& !#: \ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb74c31b-69ea-463d-bde0-af4e75af06ba HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b705bb2d-c238-43e2-ad26-44b258dd5410 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X]!  ]Ɋ& !X! ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p^!  ]Ɋ& !X! ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p_!  ]Ɋ& !X! _ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**h`!  ]Ɋ& !X! ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**ha!  ]Ɋ& !X! a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hb!  ]Ɋ& !X! b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**c!  ]Ɋ&  !! c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cce9ffe2-6327-4c2e-9780-3c511d2e98e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**d@f"  ]Ɋ& !@f" d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f08101b9-412b-4a99-acc7-d1e4c819b20a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cce9ffe2-6327-4c2e-9780-3c511d2e98e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**e"  ]Ɋ& '!X" e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**f"  ]Ɋ& ?!X" f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**g"  ]Ɋ& ;!X" g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ba0**h"  ]Ɋ& 3!X" h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**i"  ]Ɋ& 3!X" i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0f0**j"  ]Ɋ& 5!X" j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0k"  ]Ɋ& !" k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=206ed96a-5333-48b2-bbf2-d4f2e5ce20cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@lm#  ]Ɋ& !m# l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c39c966f-b531-420e-bc0d-b2aeb8b27b61 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=206ed96a-5333-48b2-bbf2-d4f2e5ce20cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**m|z  ]Ɋ& )!X|z m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**n|z  ]Ɋ& A!X|z n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **o|z  ]Ɋ& =!X|z o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**p|z  ]Ɋ& 5!X|z p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **q|z  ]Ɋ& 5!X|z q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**r|z  ]Ɋ& 7!X|z r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0s|z  ]Ɋ& !|z s F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4593341-6e8d-436f-9fbc-1478d1ee5b28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@t{  ]Ɋ& !{ t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73958568-b7b6-4e02-bb92-3809e3eed90e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4593341-6e8d-436f-9fbc-1478d1ee5b28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**Xu{  ]Ɋ& !X{ u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pv{  ]Ɋ& !X{ v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**hw{  ]Ɋ& !X{ w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`x{  ]Ɋ& !X{ x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`y{  ]Ɋ& !X{ y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**hz{  ]Ɋ& !X{ z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**{@g|  ]Ɋ&  !@g| { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9e2be4d-6022-4036-b889-da5f61d88f14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**|@g|  ]Ɋ& !@g| | F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7fdb6be0-44c8-4ef4-9d05-06aaf23cda70 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9e2be4d-6022-4036-b889-da5f61d88f14 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8}@g|  ]Ɋ& !X@g| } F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P~@g|  ]Ɋ& !X@g| ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P@g|  ]Ɋ& !X@g|  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&x7¼XElfChnk07F/` ;Mu=VysMc&&**H@g|  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X@g|  F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H@g|  ]Ɋ& !X@g|  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H@g|  ]Ɋ& !X@g|  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**@g|  ]Ɋ& !@g|  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a1bb3a0-dcac-4f0d-8ded-04d9513df6a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**|  ]Ɋ& !|  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=419ae92a-c02c-4086-9214-0ddd4c8b42dd HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a1bb3a0-dcac-4f0d-8ded-04d9513df6a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X|  ]Ɋ& !X|  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p|  ]Ɋ& !X|  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h|  ]Ɋ& !X|  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`|  ]Ɋ& !X|  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`|  ]Ɋ& !X|  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`|  ]Ɋ& !X|  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**|  ]Ɋ& !|  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da52770-83e1-407e-b1d2-ab69962328aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|  ]Ɋ& !|  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=43deba9e-e7d9-42ae-ba91-e97c8b22de13 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da52770-83e1-407e-b1d2-ab69962328aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(m}  ]Ɋ& !Xm}  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2(**@m}  ]Ɋ& !Xm}  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@m}  ]Ɋ& !Xm}  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8m}  ]Ɋ& !Xm}  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8m}  ]Ɋ& !Xm}  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8m}  ]Ɋ& !Xm}  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**m}  ]Ɋ& !m}  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5185e1a-1bef-4068-ab14-97f136a2c61a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**1~  ]Ɋ& !1~  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78e5d516-5364-4d3e-bf9f-f614a17f7d53 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5185e1a-1bef-4068-ab14-97f136a2c61a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p  ]Ɋ& !X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h  ]Ɋ& !X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h  ]Ɋ& !X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**  ]Ɋ&  !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9bb2432b-4606-4362-afa4-b69cf81b5e27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**N  ]Ɋ& !N  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=752022e7-0b97-4de9-84bc-7d9da73eae98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9bb2432b-4606-4362-afa4-b69cf81b5e27 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**&  ]Ɋ& '!X&  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**&  ]Ɋ& ?!X&  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **&  ]Ɋ& ;!X&  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&  ]Ɋ& 3!X&  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**&  ]Ɋ& 3!X&  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**&  ]Ɋ& 5!X&  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0&  ]Ɋ& !&  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5104ac26-22d2-44f3-b09f-1819183419c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@{  ]Ɋ& !{  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14678b6e-b8f0-4ebe-9703-ae034fb2658f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5104ac26-22d2-44f3-b09f-1819183419c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-6e@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f70e3f5f-d368-4cd1-a83c-00d706b8dcfe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@]e ]Ɋ& !]e F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5edf717a-c94b-46d7-ab7f-4742b7950a79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f70e3f5f-d368-4cd1-a83c-00d706b8dcfe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnk0_ÖMu=VysMc&&**h ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c6926a-eed7-438d-8b4f-dbe5d7179d66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=11251a38-b9ae-4b2f-a9c6-deeb5978162d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7c6926a-eed7-438d-8b4f-dbe5d7179d66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245701-5e2d-46bf-b707-3745806ac880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c319bd5-efbd-4cbd-a4ce-959446355398 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=59245701-5e2d-46bf-b707-3745806ac880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`¾ ]Ɋ& !X¾ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**þ ]Ɋ& !þ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e85d85bd-486b-4553-9ba2-9bfb5832409e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ľ ]Ɋ& !ľ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2064672-16ac-4e4a-a333-d1c0103ee863 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e85d85bd-486b-4553-9ba2-9bfb5832409e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(ž ]Ɋ& !Xž F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ƾ ]Ɋ& !Xƾ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@Ǿ ]Ɋ& !XǾ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8Ⱦ ]Ɋ& !XȾ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8ɾ ]Ɋ& !Xɾ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97-8**8ʾ ]Ɋ& !Xʾ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**˾ ]Ɋ& !˾ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2d73e478-cc88-473a-a34d-9f81bcdc132c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**̾ ]Ɋ& !̾ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3b755a8-a499-45a4-a4ec-d6f29ab83e36 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2d73e478-cc88-473a-a34d-9f81bcdc132c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X; ]Ɋ& !X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pξ ]Ɋ& !Xξ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**pϾ ]Ɋ& !XϾ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**hо ]Ɋ& !Xо F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**hѾ ]Ɋ& !XѾ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**hҾ ]Ɋ& !XҾ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Ӿ ]Ɋ&  !Ӿ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041f0295-03db-412f-bfba-4e7416cc404e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Ծ{ ]Ɋ& !{Ծ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22bf5607-1e9c-47d7-878a-34565c6f6f89 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041f0295-03db-412f-bfba-4e7416cc404e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**վ{ ]Ɋ& '!X{վ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**־{ ]Ɋ& ?!X{־ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**׾{ ]Ɋ& ;!X{׾ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**ؾ{ ]Ɋ& 3!X{ؾ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **پ{ ]Ɋ& 3!X{پ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**ھ{ ]Ɋ& 5!X{ھ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0۾{ ]Ɋ& !{۾ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81024872-078a-4b9c-8c2c-f0d38bc5384b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@ܾ ]Ɋ& !ܾ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d7854f9-ea24-4e4c-bce0-d11590f625c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81024872-078a-4b9c-8c2c-f0d38bc5384b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**ݾ} ]Ɋ& )!X}ݾ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**޾} ]Ɋ& A!X}޾ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**߾} ]Ɋ& =!X}߾ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**} ]Ɋ& 5!X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icX} F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnkp_R<-Mu=VysMc&&**} ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X} F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **} ]Ɋ& 7!X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0} ]Ɋ& !} F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e499c999-1cd2-4c7f-89e5-430f616b0f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@I} ]Ɋ& !I} F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2d652ef-042f-446c-ac8b-d271c891662f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e499c999-1cd2-4c7f-89e5-430f616b0f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X} ]Ɋ& !X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p} ]Ɋ& !X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h} ]Ɋ& !X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`} ]Ɋ& !X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`} ]Ɋ& !X} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h} ]Ɋ& !X} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**} ]Ɋ&  !} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef2b8762-ec4a-4948-acea-262d73ab15c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6709263-d6bc-4655-9424-c7bc305c7611 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef2b8762-ec4a-4948-acea-262d73ab15c9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8} ]Ɋ& !X} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P} ]Ɋ& !X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P} ]Ɋ& !X} F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H} ]Ɋ& !X} F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H} ]Ɋ& !X} F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H} ]Ɋ& !X} F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**} ]Ɋ& !} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f001b6e0-98d4-4f9e-b98b-009097b1d37e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7915ecaa-8a93-48c5-a69c-8c7278eb3024 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f001b6e0-98d4-4f9e-b98b-009097b1d37e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XDz} ]Ɋ& !XDz} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pDz} ]Ɋ& !XDz} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hDz} ]Ɋ& !XDz} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`Dz} ]Ɋ& !XDz} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`Dz} ]Ɋ& !XDz} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`Dz} ]Ɋ& !XDz} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**Dz} ]Ɋ& !Dz} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aefe328c-f089-499f-b314-7f007985d285 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**Dz} ]Ɋ& !Dz} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1951fe7d-3dc7-4c2f-bdb9-5ac2a8ead65a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aefe328c-f089-499f-b314-7f007985d285 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(Dz} ]Ɋ& !XDz} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@Dz} ]Ɋ& !XDz} F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Dz} ]Ɋ& !XDz} F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ξ@**8Dz} ]Ɋ& !XDz} F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8Dz} ]Ɋ& !XDz} F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8Dz} ]Ɋ& !XDz} F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**Dz} ]Ɋ& !Dz} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bcc13373-827a-4683-9333-0273454357b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**q} ]Ɋ& !q} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73530d2e-8657-481f-a7a7-27d7fe5b88b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bcc13373-827a-4683-9333-0273454357b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XD} ]Ɋ& !XD} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pD} ]Ɋ& !XD} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pD} ]Ɋ& !XD} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hD} ]Ɋ& !XD} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h D} ]Ɋ& !XD}  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=590h**h D} ]Ɋ& !XD}  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch** } ]Ɋ&  !}  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f1db4957-d1a8-4ed8-bb65-a355cb5423ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im** 4u} ]Ɋ& !4u}  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77631935-8cca-40c0-9ff3-d66fef6c7876 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f1db4957-d1a8-4ed8-bb65-a355cb5423ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))** } ]Ɋ& '!X }  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(** } ]Ɋ& ?!X } F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G** } ]Ɋ& ;!X } F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** } ]Ɋ& 3!X } F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion** } ]Ɋ& 3!X } F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X } F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnkCCp(WWKrgMu=VysMc&&**  } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X } F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=446 **0 } ]Ɋ& ! } F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=91afc742-cfad-43bd-95d7-0f770080323a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@>} ]Ɋ& !>} F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d757f6f-5502-4ea5-82bf-0299fdea8758 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=91afc742-cfad-43bd-95d7-0f770080323a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**X ]Ɋ& )!XX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**X ]Ɋ& A!XX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **X ]Ɋ& =!XX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& 5!XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X ]Ɋ& 5!XX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X ]Ɋ& 7!XX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0X ]Ɋ& !X F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53405069-5091-4773-aadc-74c7de8563df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ ]Ɋ& ! F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce79ab2-31bf-44a1-9944-897f6ab169af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53405069-5091-4773-aadc-74c7de8563df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`  ]Ɋ& !X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`! ]Ɋ& !X! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**# ]Ɋ&  !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9ca5d66-766a-46cb-9c88-4d8b385620c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb177b58-fbb5-4d87-bcc2-24a5c665894f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9ca5d66-766a-46cb-9c88-4d8b385620c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8%ٺ ]Ɋ& !Xٺ% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P&ٺ ]Ɋ& !Xٺ& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P'ٺ ]Ɋ& !Xٺ' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H(ٺ ]Ɋ& !Xٺ( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H)ٺ ]Ɋ& !Xٺ) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**H*ٺ ]Ɋ& !Xٺ* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**+ٺ ]Ɋ& !ٺ+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f233f9e3-cd37-47cb-801e-ee3267bc0522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**,ٺ ]Ɋ& !ٺ, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75fe4e19-eaa0-40c8-bb6f-4a791e57cb6b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f233f9e3-cd37-47cb-801e-ee3267bc0522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X-pS ]Ɋ& !XpS- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p.pS ]Ɋ& !XpS. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h/pS ]Ɋ& !XpS/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`0pS ]Ɋ& !XpS0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`1pS ]Ɋ& !XpS1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`2pS ]Ɋ& !XpS2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**3pS ]Ɋ& !pS3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7278784b-ec0f-42a7-a889-19617a3aa0d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**4pS ]Ɋ& !pS4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7436b19-2a24-4369-8cfb-fe3cfdb886be HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7278784b-ec0f-42a7-a889-19617a3aa0d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(5 ]Ɋ& !X5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@6 ]Ɋ& !X6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@7 ]Ɋ& !X7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**88 ]Ɋ& !X8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**89 ]Ɋ& !X9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8: ]Ɋ& !X: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=93f35975-87d3-4cd4-9d7b-64521ba5452c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**< ]Ɋ& !< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=424761a3-a699-4484-97c8-592eed59c505 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=93f35975-87d3-4cd4-9d7b-64521ba5452c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X= ]Ɋ& !X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p? ]Ɋ& !X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h@ ]Ɋ& !X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hA ]Ɋ& !XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hB ]Ɋ& !XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**C ]Ɋ&  !C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6ee7d43-05e4-4d26-80ca-7229a4c2bdc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& CuD F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& X } F& F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnkDvDvx,!/Mu=VysMc&&** D ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !D F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d585645f-c531-47c6-839a-959db21b3da3 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b6ee7d43-05e4-4d26-80ca-7229a4c2bdc7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **E$ ]Ɋ& '!X$E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**F$ ]Ɋ& ?!X$F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**G$ ]Ɋ& ;!X$G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H$ ]Ɋ& 3!X$H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**I$ ]Ɋ& 3!X$I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**J$ ]Ɋ& 5!X$J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0K$ ]Ɋ& !$K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44d55853-2611-42d1-b630-6fa688947d33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@L ]Ɋ& !L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2c074529-dab0-4c1c-b042-27758e40c706 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=44d55853-2611-42d1-b630-6fa688947d33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**M-6 ]Ɋ& )!X-6M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**N-6 ]Ɋ& A!X-6N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**O-6 ]Ɋ& =!X-6O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**P-6 ]Ɋ& 5!X-6P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **Q-6 ]Ɋ& 5!X-6Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e**R-6 ]Ɋ& 7!X-6R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0S-6 ]Ɋ& !-6S F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f855665d-6803-4da3-b1c1-715611689dfa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@T&3.6 ]Ɋ& !&3.6T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f526e258-e1a8-4f3c-892d-4c5d00c86718 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f855665d-6803-4da3-b1c1-715611689dfa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XU.6 ]Ɋ& !X.6U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV.6 ]Ɋ& !X.6V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hW.6 ]Ɋ& !X.6W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`X.6 ]Ɋ& !X.6X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`Y.6 ]Ɋ& !X.6Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**hZ.6 ]Ɋ& !X.6Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**[.6 ]Ɋ&  !.6[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a03fda7c-64fe-4b86-9d87-95dda04cde1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **\.6 ]Ɋ& !.6\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f51e505f-df85-45a4-a9dd-b11ddabcd7de HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a03fda7c-64fe-4b86-9d87-95dda04cde1f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8].6 ]Ɋ& !X.6] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**P^.6 ]Ɋ& !X.6^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**P_.6 ]Ɋ& !X.6_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**H`.6 ]Ɋ& !X.6` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**Ha.6 ]Ɋ& !X.6a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hb.6 ]Ɋ& !X.6b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**c.6 ]Ɋ& !.6c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f601739b-c17d-4519-b377-246672770934 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**dSd/6 ]Ɋ& !Sd/6d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f59a5a31-06ea-479c-904a-5fbfbd50544b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f601739b-c17d-4519-b377-246672770934 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XeSd/6 ]Ɋ& !XSd/6e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**pfSd/6 ]Ɋ& !XSd/6f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hgSd/6 ]Ɋ& !XSd/6g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`hSd/6 ]Ɋ& !XSd/6h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`iSd/6 ]Ɋ& !XSd/6i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`jSd/6 ]Ɋ& !XSd/6j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kSd/6 ]Ɋ& !Sd/6k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4d9536a-7e13-4545-bc11-98252734cc33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lSd/6 ]Ɋ& !Sd/6l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=928d828c-89c9-4727-94f6-1dd3849724cb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b4d9536a-7e13-4545-bc11-98252734cc33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c **(mSd/6 ]Ɋ& !XSd/6m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@nSd/6 ]Ɋ& !XSd/6n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@oSd/6 ]Ɋ& !XSd/6o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8pSd/6 ]Ɋ& !XSd/6p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8qSd/6 ]Ɋ& !XSd/6q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8rSd/6 ]Ɋ& !XSd/6r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**sSd/6 ]Ɋ& !Sd/6s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=627b2e38-48b1-4026-a6b7-02ce34895c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**t06 ]Ɋ& !06t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9de6411b-6929-4690-87be-76a1238b49e6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=627b2e38-48b1-4026-a6b7-02ce34895c83 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**Xu86 ]Ɋ& !X86u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pv86 ]Ɋ& !X86v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX86w F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnkww:Mu=VysMc&&**p w86 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!X86w F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **hx86 ]Ɋ& !X86x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hy86 ]Ɋ& !X86y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hz86 ]Ɋ& !X86z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**{86 ]Ɋ&  !86{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cea5b56d-da3a-4a58-a4ec-dad40d033d5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e**|Q96 ]Ɋ& !Q96| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=918b44cf-da56-4aff-87af-bfb682bacf01 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cea5b56d-da3a-4a58-a4ec-dad40d033d5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**};6 ]Ɋ& '!X;6} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**~;6 ]Ɋ& ?!X;6~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**;6 ]Ɋ& ;!X;6 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**;6 ]Ɋ& 3!X;6 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**;6 ]Ɋ& 3!X;6 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **;6 ]Ɋ& 5!X;6 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;6 ]Ɋ& !;6 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59cdcb1f-77b9-493e-969c-9a8be45f5ff5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@B<6 ]Ɋ& !B<6 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=13f25d2d-ea5c-45de-b07d-2911c6f38f92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=59cdcb1f-77b9-493e-969c-9a8be45f5ff5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**": ]Ɋ& )!X": F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**": ]Ɋ& A!X": F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **": ]Ɋ& =!X": F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**": ]Ɋ& 5!X": F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**": ]Ɋ& 5!X": F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **": ]Ɋ& 7!X": F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**0": ]Ɋ& !": F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bbbba25-6263-4988-9f2d-614594c2d8d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@OO; ]Ɋ& !OO; F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ee6b3cc-e374-476e-92c6-ca3f0b156e63 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bbbba25-6263-4988-9f2d-614594c2d8d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**X; ]Ɋ& !X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**p; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**h; ]Ɋ& !X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`; ]Ɋ& !X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`; ]Ɋ& !X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**h; ]Ɋ& !X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**; ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adbf9b7c-cfee-4a74-8d14-5abc96f1687f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5a31**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e98d659-4b0b-49a4-a97d-015fa1cc5765 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=adbf9b7c-cfee-4a74-8d14-5abc96f1687f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=04**8|< ]Ɋ& !X|< F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**P|< ]Ɋ& !X|< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**P|< ]Ɋ& !X|< F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**H|< ]Ɋ& !X|< F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**H|< ]Ɋ& !X|< F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H|< ]Ɋ& !X|< F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**|< ]Ɋ& !|< F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69f760f6-5575-433b-85f7-320a6b87d818 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**|< ]Ɋ& !|< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=423f6831-b6ed-452a-9d6b-be891d615c4c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=69f760f6-5575-433b-85f7-320a6b87d818 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X= ]Ɋ& !X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**p= ]Ɋ& !X= F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h= ]Ɋ& !X= F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`= ]Ɋ& !X= F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`= ]Ɋ& !X= F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`= ]Ɋ& !X= F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6`**= ]Ɋ& != F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c54b580e-42c2-4abf-875b-dfd1b32bf53c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**= ]Ɋ& != F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92bba22f-fc49-458b-b6d6-7176b39d5fb8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c54b580e-42c2-4abf-875b-dfd1b32bf53c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(m{? ]Ɋ& !Xm{? F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@m{? ]Ɋ& !Xm{? F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@m{? ]Ɋ& !Xm{? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8m{? ]Ɋ& !Xm{? F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etXm{? F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unX86w F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X F&XElfChnkڿڿ19"}Mu=VysMc&&**8 m{? ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xm{? F&F%g>9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8m{? ]Ɋ& !Xm{? F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**m{? ]Ɋ& !m{? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff6d6cb4-1836-4001-a7e6-8b241f2875ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**@ ]Ɋ& !@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ddcf8e3b-75f5-4d7b-b666-3f74beff3d5d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ff6d6cb4-1836-4001-a7e6-8b241f2875ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**XkI ]Ɋ& !XkI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pkI ]Ɋ& !XkI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4p**pkI ]Ɋ& !XkI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**hkI ]Ɋ& !XkI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**hkI ]Ɋ& !XkI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**hkI ]Ɋ& !XkI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**kI ]Ɋ&  !kI F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8054f48f-9e08-423b-b0e4-711815bc96ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**6J ]Ɋ& !6J F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=367ddfa2-5dd0-4609-a29a-e2d4ef846362 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8054f48f-9e08-423b-b0e4-711815bc96ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**J ]Ɋ& '!XJ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**J ]Ɋ& ?!XJ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**J ]Ɋ& ;!XJ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J ]Ɋ& 3!XJ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh**J ]Ɋ& 3!XJ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**J ]Ɋ& 5!XJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0J ]Ɋ& !J F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=28c47be7-b2a5-40a4-8075-7a6983e14e92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@/gK ]Ɋ& !/gK F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=761c7bc2-01ca-4a44-b596-e99b2428aa96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=28c47be7-b2a5-40a4-8075-7a6983e14e92 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@**' ]Ɋ& )!X' F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=97d-**' ]Ɋ& A!X' F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**' ]Ɋ& =!X' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **' ]Ɋ& 5!X' F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**' ]Ɋ& 5!X' F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;**¿' ]Ɋ& 7!X'¿ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0ÿ' ]Ɋ& !'ÿ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6553d895-20c7-4e30-9a2e-b4d825b6afeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@Ŀ%' ]Ɋ& !%'Ŀ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=14019c37-f6d5-49be-82cd-1a17c9900c19 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6553d895-20c7-4e30-9a2e-b4d825b6afeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**Xſ8( ]Ɋ& !X8(ſ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**pƿ8( ]Ɋ& !X8(ƿ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**hǿ8( ]Ɋ& !X8(ǿ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`ȿ8( ]Ɋ& !X8(ȿ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`ɿ8( ]Ɋ& !X8(ɿ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hʿ8( ]Ɋ& !X8(ʿ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**˿8( ]Ɋ&  !8(˿ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=526d2c1d-8084-4b31-a067-5b35c24580c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**̿8( ]Ɋ& !8(̿ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab056762-d454-433b-b550-bf51b037ee2f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=526d2c1d-8084-4b31-a067-5b35c24580c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8ͿR( ]Ɋ& !XR(Ϳ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**PοR( ]Ɋ& !XR(ο F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**PϿR( ]Ɋ& !XR(Ͽ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**HпR( ]Ɋ& !XR(п F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**HѿR( ]Ɋ& !XR(ѿ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**HҿR( ]Ɋ& !XR(ҿ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**ӿR( ]Ɋ& !R(ӿ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87e7958-d237-4d02-950e-db552c5e9d6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**ԿR( ]Ɋ& !R(Կ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9066f25-b250-43af-b7fd-c139a1630791 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c87e7958-d237-4d02-950e-db552c5e9d6c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Xտi) ]Ɋ& !Xi)տ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**pֿi) ]Ɋ& !Xi)ֿ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h׿i) ]Ɋ& !Xi)׿ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`ؿi) ]Ɋ& !Xi)ؿ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`ٿi) ]Ɋ& !Xi)ٿ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`ڿi) ]Ɋ& !Xi)ڿ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnkۿ ۿ `(]fMu=VysMc&&**ۿi) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !i)ۿ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e40e6396-5734-4835-8141-f2a717a45ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**ܿ* ]Ɋ& !*ܿ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84cadda8-325c-41da-afca-11f33282f34f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e40e6396-5734-4835-8141-f2a717a45ca3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(ݿ3+ ]Ɋ& !X3+ݿ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@޿3+ ]Ɋ& !X3+޿ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@߿3+ ]Ɋ& !X3+߿ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**83+ ]Ɋ& !X3+ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**83+ ]Ɋ& !X3+ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**83+ ]Ɋ& !X3+ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**3+ ]Ɋ& !3+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=55db8c16-18d0-4f00-bdd4-80ee63b236f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**B+ ]Ɋ& !B+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59a5e127-de3e-4fce-b7dd-d85a2c54315d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=55db8c16-18d0-4f00-bdd4-80ee63b236f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**Xo, ]Ɋ& !Xo, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**po, ]Ɋ& !Xo, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**po, ]Ɋ& !Xo, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**ho, ]Ɋ& !Xo, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**ho, ]Ɋ& !Xo, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**ho, ]Ɋ& !Xo, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**o, ]Ɋ&  !o, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99f09ba7-5d7b-4afb-940d-76ceb7304e5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**- ]Ɋ& !- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=063c48fd-bb03-4783-a687-c99ad07d3ba9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99f09ba7-5d7b-4afb-940d-76ceb7304e5e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**_/ ]Ɋ& '!X_/ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**_/ ]Ɋ& ?!X_/ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_/ ]Ɋ& ;!X_/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_/ ]Ɋ& 3!X_/ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**_/ ]Ɋ& 3!X_/ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**_/ ]Ɋ& 5!X_/ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0_/ ]Ɋ& !_/ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=54051a29-4ee2-41c6-be6b-9457dd8bdf28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@`/ ]Ɋ& !`/ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9e23afe-1dd0-492b-a638-656b5756489d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=54051a29-4ee2-41c6-be6b-9457dd8bdf28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**@ ]Ɋ& )!X@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**@ ]Ɋ& A!X@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4-43**@ ]Ɋ& =!X@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**@ ]Ɋ& 5!X@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@ ]Ɋ& 7!X@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0@ ]Ɋ& !@ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da863ce2-6dd8-43ec-826e-bced7b2f8ffb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@J@ ]Ɋ& !J@ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ccfd001-ffc6-4a10-a278-e953f6cca8de HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da863ce2-6dd8-43ec-826e-bced7b2f8ffb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XJ@ ]Ɋ& !XJ@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pJ@ ]Ɋ& !XJ@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hJ@ ]Ɋ& !XJ@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`J@ ]Ɋ& !XJ@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`J@ ]Ɋ& !XJ@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hJ@ ]Ɋ& !XJ@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**J@ ]Ɋ&  !J@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f3f9d41-b638-432b-aa7e-2f0d191fd926 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**F@ ]Ɋ& !F@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3bec4fc-4710-450d-8ead-884a91cc1c97 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f3f9d41-b638-432b-aa7e-2f0d191fd926 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8F@ ]Ɋ& !XF@ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PF@ ]Ɋ& !XF@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PF@ ]Ɋ& !XF@ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HF@ ]Ɋ& !XF@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**H F@ ]Ɋ& !XF@  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**H F@ ]Ɋ& !XF@  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH** F@ ]Ɋ& !F@  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014ae297-76e7-4d43-8203-b1ce122b790d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommF@ElfChnk ; ;HX)@:Mu=VysMc&&** F@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !F@  F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f9246f7f-f7c1-4033-bb94-e724ccbcf6c5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014ae297-76e7-4d43-8203-b1ce122b790d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X F@ ]Ɋ& !XF@  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pF@ ]Ɋ& !XF@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hF@ ]Ɋ& !XF@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`F@ ]Ɋ& !XF@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`F@ ]Ɋ& !XF@ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`F@ ]Ɋ& !XF@ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**{@ ]Ɋ& !{@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378bbd1d-8e78-4171-a8d5-9a0d30d7e689 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+**{@ ]Ɋ& !{@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5007e11-a61a-4b8f-8c72-d3a5badc7490 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378bbd1d-8e78-4171-a8d5-9a0d30d7e689 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **({@ ]Ɋ& !X{@ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@{@ ]Ɋ& !X{@ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@{@ ]Ɋ& !X{@ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8{@ ]Ɋ& !X{@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8{@ ]Ɋ& !X{@ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8{@ ]Ɋ& !X{@ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**{@ ]Ɋ& !{@ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f8f648e-2899-4ab7-903b-9c7b31ac5472 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **s@ ]Ɋ& !s@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=011d5df0-c0f6-4631-b3be-52b646251eb2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f8f648e-2899-4ab7-903b-9c7b31ac5472 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**XE@ ]Ɋ& !XE@ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pE@ ]Ɋ& !XE@ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pE@ ]Ɋ& !XE@ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h E@ ]Ɋ& !XE@  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h!E@ ]Ɋ& !XE@! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h"E@ ]Ɋ& !XE@" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**#E@ ]Ɋ&  !E@# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cec95e74-4abf-42b1-83c4-a53845a70eec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$7ޒ@ ]Ɋ& !7ޒ@$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d02c3cf3-5990-4102-a769-feb884088c6d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cec95e74-4abf-42b1-83c4-a53845a70eec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**%v@ ]Ɋ& '!Xv@% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **&v@ ]Ɋ& ?!Xv@& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**'v@ ]Ɋ& ;!Xv@' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**(v@ ]Ɋ& 3!Xv@( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **)v@ ]Ɋ& 3!Xv@) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov***v@ ]Ɋ& 5!Xv@* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0+v@ ]Ɋ& !v@+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=45f1a9bf-cfe2-4262-b2f3-5c2babcbcf4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@,d@ ]Ɋ& !d@, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b4086229-4758-403a-9d3a-5a22a0844c78 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=45f1a9bf-cfe2-4262-b2f3-5c2babcbcf4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-bce@**-_u  ]Ɋ& )!X_u - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**._u  ]Ɋ& A!X_u . F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**/_u  ]Ɋ& =!X_u / F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=88**0_u  ]Ɋ& 5!X_u 0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**1_u  ]Ɋ& 5!X_u 1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**2_u  ]Ɋ& 7!X_u 2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03  ]Ɋ& ! 3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4176977-e198-42c7-8376-33ae5183db9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@4  ]Ɋ& ! 4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d3bc16c-6d95-49ec-aa43-7630b3d37b01 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4176977-e198-42c7-8376-33ae5183db9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X5  ]Ɋ& !X 5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p6  ]Ɋ& !X 6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h7  ]Ɋ& !X 7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`8  ]Ɋ& !X 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9  ]Ɋ& !X 9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h:  ]Ɋ& !X : F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**;  ]Ɋ&  ! ; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e851e0e-7f28-43c3-90bb-e3fb57756ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!F@ ]Ɋ& at#?< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e851e0e-7f28-43c3-90bb-e3fb57756ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk<l<l@,НMu=VysMc&&**<#? ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !#?< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e2bf31d-7e4a-4402-8b9e-7e4c001d87f8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4e851e0e-7f28-43c3-90bb-e3fb57756ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=#? ]Ɋ& !X#?= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P>#? ]Ɋ& !X#?> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P?#? ]Ɋ& !X#?? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H@#? ]Ɋ& !X#?@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**HA#? ]Ɋ& !X#?A F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**HB#? ]Ɋ& !X#?B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**C#? ]Ɋ& !#?C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03333faf-cb82-4697-8004-6000b9fe7b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **D#? ]Ɋ& !#?D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c685f8e-6468-4e38-9c2f-621b8c28a1f0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03333faf-cb82-4697-8004-6000b9fe7b4d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XE#? ]Ɋ& !X#?E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pF#? ]Ɋ& !X#?F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hG#? ]Ɋ& !X#?G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3bh**`H#? ]Ɋ& !X#?H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`I#? ]Ɋ& !X#?I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`J#? ]Ɋ& !X#?J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**K#? ]Ɋ& !#?K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2892d90-4446-4f68-8a28-b356a9210d98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50188516-7de5-4034-b8ce-84cf4ef934bc HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2892d90-4446-4f68-8a28-b356a9210d98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(M ]Ɋ& !XM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@N ]Ɋ& !XN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@O ]Ɋ& !XO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**8P ]Ɋ& !XP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**8Q ]Ɋ& !XQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**8R ]Ɋ& !XR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b6945a47-ae29-4b39-8563-bd8fe0ff1c0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**TPp ]Ɋ& !PpT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2006e70a-6b9d-4e1a-b4d7-d659c4c732cd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b6945a47-ae29-4b39-8563-bd8fe0ff1c0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**XU} ]Ɋ& !X}U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**pV} ]Ɋ& !X}V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**pW} ]Ɋ& !X}W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**hX} ]Ɋ& !X}X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**hY} ]Ɋ& !X}Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**hZ} ]Ɋ& !X}Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**[} ]Ɋ&  !}[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1a44c0d-d7fd-4790-be20-93fb49ce98cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**\: ]Ɋ& !:\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e59a228f-db45-4348-b3a2-45bef02fc2bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1a44c0d-d7fd-4790-be20-93fb49ce98cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**]: ]Ɋ& '!X:] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**^: ]Ɋ& ?!X:^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**_: ]Ɋ& ;!X:_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **`: ]Ɋ& 3!X:` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**a: ]Ɋ& 3!X:a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**b: ]Ɋ& 5!X:b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0c: ]Ɋ& !:c F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb4a6ab4-0ae1-46ef-baad-542b5d016439 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@d@k ]Ɋ& !@kd F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8dbd81fe-20f9-4c50-a983-9e089660b250 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fb4a6ab4-0ae1-46ef-baad-542b5d016439 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e " ]Ɋ& )!X "e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**f " ]Ɋ& A!X "f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**g " ]Ɋ& =!X "g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**h " ]Ɋ& 5!X "h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**i " ]Ɋ& 5!X "i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**j " ]Ɋ& 7!X "j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0k" ]Ɋ& !"k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfc1ff91-89cc-462a-a20f-7014ace2e283 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@lM:" ]Ɋ& !M:"l F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a5f7f0c-24f6-445f-aaa2-7c618ed8fa6f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfc1ff91-89cc-462a-a20f-7014ace2e283 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b57@6ec9 Pipel ]Ɋ& meXM:"m F&e=ElfChnkmmHh[vMu=VysMc&&**XmM:" ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!XM:"m F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pnM:" ]Ɋ& !XM:"n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**hoM:" ]Ɋ& !XM:"o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`pM:" ]Ɋ& !XM:"p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`qM:" ]Ɋ& !XM:"q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hrM:" ]Ɋ& !XM:"r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**sM:" ]Ɋ&  !M:"s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edddd231-cd22-4cad-b698-142c356d1e68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**t" ]Ɋ& !"t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01bf0bfe-8513-4da2-b4b8-df439cd82465 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edddd231-cd22-4cad-b698-142c356d1e68 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8u" ]Ɋ& !X"u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv" ]Ɋ& !X"v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pw" ]Ɋ& !X"w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hx" ]Ɋ& !X"x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HH**Hy" ]Ɋ& !X"y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**Hz" ]Ɋ& !X"z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**{" ]Ɋ& !"{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c1c443f-6af2-49a4-8bea-5c38813041f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#?**|" ]Ɋ& !"| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c435be6-9cf9-4236-b845-40e4b753c1f5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c1c443f-6af2-49a4-8bea-5c38813041f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X}zk" ]Ɋ& !Xzk"} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p~zk" ]Ɋ& !Xzk"~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hzk" ]Ɋ& !Xzk" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`zk" ]Ɋ& !Xzk" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`zk" ]Ɋ& !Xzk" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`zk" ]Ɋ& !Xzk" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**zk" ]Ɋ& !zk" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=421318d9-741f-4da7-b66a-5577344cfcf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zk" ]Ɋ& !zk" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0b2d4321-e8a9-4f06-888b-b2f0527d081e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=421318d9-741f-4da7-b66a-5577344cfcf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(zk" ]Ɋ& !Xzk" F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@zk" ]Ɋ& !Xzk" F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@zk" ]Ɋ& !Xzk" F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8zk" ]Ɋ& !Xzk" F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8zk" ]Ɋ& !Xzk" F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e58**8zk" ]Ɋ& !Xzk" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**zk" ]Ɋ& !zk" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=201d7efd-cd56-421f-925d-df61dc605a25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d28df878-4b0d-4a31-b533-ecef55e1b62a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=201d7efd-cd56-421f-925d-df61dc605a25 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X" ]Ɋ& !X" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p" ]Ɋ& !X" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p" ]Ɋ& !X" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h" ]Ɋ& !X" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h" ]Ɋ& !X" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h" ]Ɋ& !X" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**" ]Ɋ&  !" F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcd45d15-cbd2-413d-8842-f004defdc923 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**" ]Ɋ& !" F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78bfda35-cb1e-46d7-b333-963a1f5ab0af HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcd45d15-cbd2-413d-8842-f004defdc923 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **.0" ]Ɋ& '!X.0" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**.0" ]Ɋ& ?!X.0" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**.0" ]Ɋ& ;!X.0" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**.0" ]Ɋ& 3!X.0" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**.0" ]Ɋ& 3!X.0" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**.0" ]Ɋ& 5!X.0" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0.0" ]Ɋ& !.0" F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0d4666f-35df-4853-8c53-50a16a72eafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@" ]Ɋ& !" F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c2d0a7f-1b8d-4170-b2a3-8a8012cca466 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0d4666f-35df-4853-8c53-50a16a72eafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 @pelineId=  ]Ɋ& maXtR$ F&6ec9 Pipel ]Ɋ& meXM:"m F&e=ElfChnkhP2HRQMu=VysMc&&**tR$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XtR$ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**tR$ ]Ɋ& A!XtR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**tR$ ]Ɋ& =!XtR$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**tR$ ]Ɋ& 5!XtR$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **tR$ ]Ɋ& 5!XtR$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=01**tR$ ]Ɋ& 7!XtR$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0tR$ ]Ɋ& !tR$ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ceae7d43-fa7d-490b-afbb-09d8051cbc0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@R$ ]Ɋ& !R$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4450c499-1c6e-4f96-a726-7d0a8532a506 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ceae7d43-fa7d-490b-afbb-09d8051cbc0f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X8fR$ ]Ɋ& !X8fR$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p8fR$ ]Ɋ& !X8fR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h8fR$ ]Ɋ& !X8fR$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`8fR$ ]Ɋ& !X8fR$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`8fR$ ]Ɋ& !X8fR$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h8fR$ ]Ɋ& !X8fR$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth**8fR$ ]Ɋ&  !8fR$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c3df242-4c19-408f-9672-8abd93d41b5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **8fR$ ]Ɋ& !8fR$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7e9d261-7c6f-4932-a826-1e5bcb93d286 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c3df242-4c19-408f-9672-8abd93d41b5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8R$ ]Ɋ& !XR$ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**PR$ ]Ɋ& !XR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**PR$ ]Ɋ& !XR$ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**HR$ ]Ɋ& !XR$ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**HR$ ]Ɋ& !XR$ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HR$ ]Ɋ& !XR$ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine="H**R$ ]Ɋ& !R$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75e849fa-c944-492f-bffd-59056fbe4c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**R$ ]Ɋ& !R$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b9c8f9f-12bc-46f5-996c-271213d3ffac HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75e849fa-c944-492f-bffd-59056fbe4c46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XeR$ ]Ɋ& !XeR$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**peR$ ]Ɋ& !XeR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**heR$ ]Ɋ& !XeR$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`eR$ ]Ɋ& !XeR$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**`eR$ ]Ɋ& !XeR$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`eR$ ]Ɋ& !XeR$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**eR$ ]Ɋ& !eR$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c44726c-8884-457e-9c55-ab0838f4a797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR$ ]Ɋ& !eR$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efd7d87d-e0d2-4335-ac77-c0a8192fb102 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c44726c-8884-457e-9c55-ab0838f4a797 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(/R$ ]Ɋ& !X/R$ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@/R$ ]Ɋ& !X/R$ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@/R$ ]Ɋ& !X/R$ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8/R$ ]Ɋ& !X/R$ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8/R$ ]Ɋ& !X/R$ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8/R$ ]Ɋ& !X/R$ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**/R$ ]Ɋ& !/R$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a3643cb9-7724-4a90-b5ef-ed90778ec9a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**R$ ]Ɋ& !R$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=deb5965e-b0c4-4cb3-81bc-6cc5f2bf1a03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a3643cb9-7724-4a90-b5ef-ed90778ec9a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **XUR$ ]Ɋ& !XUR$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**pUR$ ]Ɋ& !XUR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**pUR$ ]Ɋ& !XUR$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d15p**hUR$ ]Ɋ& !XUR$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**hUR$ ]Ɋ& !XUR$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hUR$ ]Ɋ& !XUR$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**UR$ ]Ɋ&  !UR$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d073f3d-b0f2-4f97-932f-0746d5a3904c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ***R$ ]Ɋ& !*R$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4671f2ea-7eaa-4fb6-b492-059e0260eda2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3d073f3d-b0f2-4f97-932f-0746d5a3904c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**R$ ]Ɋ& '!XR$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**R$ ]Ɋ& ?!XR$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-70-b2a3-8a80 ]Ɋ& reXR$ F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f0d4666f-35df-4853-8c53-50a16a72eafe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 @pelineId=  ]Ɋ& maXtR$ F&6ec9 Pipel ]Ɋ& meXM:"m F&e=ElfChnk@& ky/Mu=VysMc&&** R$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XR$ F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **R$ ]Ɋ& 3!XR$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**R$ ]Ɋ& 3!XR$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a85**R$ ]Ɋ& 5!XR$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0R$ ]Ɋ& !R$ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bd5a9cb-1d20-4cf8-923f-d9859e641c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@\R$ ]Ɋ& !\R$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ea32c38-a986-4987-98a9-00e907205610 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0bd5a9cb-1d20-4cf8-923f-d9859e641c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**hS7& ]Ɋ& )!XhS7& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **hS7& ]Ɋ& A!XhS7& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**hS7& ]Ɋ& =!XhS7& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**hS7& ]Ɋ& 5!XhS7& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**hS7& ]Ɋ& 5!XhS7& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve**hS7& ]Ɋ& 7!XhS7& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0hS7& ]Ɋ& !hS7& F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=901d69bc-3c68-42d8-ab5a-af84e74ec0c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@8& ]Ɋ& !8& F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de509358-262d-40af-842f-dc25bacd4c2d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=901d69bc-3c68-42d8-ab5a-af84e74ec0c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X8& ]Ɋ& !X8& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p8& ]Ɋ& !X8& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h8& ]Ɋ& !X8& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`8& ]Ɋ& !X8& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`8& ]Ɋ& !X8& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h8& ]Ɋ& !X8& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**8& ]Ɋ&  !8& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=965704a6-d6fe-4af3-83ea-1d09e8241eab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**+9& ]Ɋ& !+9& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f93fe9d-ecdc-4985-9ec4-352a5e42accc HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=965704a6-d6fe-4af3-83ea-1d09e8241eab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**8+9& ]Ɋ& !X+9& F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P+9& ]Ɋ& !X+9& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P+9& ]Ɋ& !X+9& F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H+9& ]Ɋ& !X+9& F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H+9& ]Ɋ& !X+9& F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H+9& ]Ɋ& !X+9& F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+9& ]Ɋ& !+9& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b754ed98-cb52-4b3c-a83d-828b20e76907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+9& ]Ɋ& !+9& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=947cb1ab-3632-49fe-a939-a5836a21509b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b754ed98-cb52-4b3c-a83d-828b20e76907 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xµ9& ]Ɋ& !Xµ9& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pµ9& ]Ɋ& !Xµ9& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**hµ9& ]Ɋ& !Xµ9& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`µ9& ]Ɋ& !Xµ9& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1a`**`µ9& ]Ɋ& !Xµ9& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`µ9& ]Ɋ& !Xµ9& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**µ9& ]Ɋ& !µ9& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06833b4a-1b04-402c-bc6e-5b985c0fb109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**µ9& ]Ɋ& !µ9& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8f6cae8-0530-4800-92e2-a80524505c69 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=06833b4a-1b04-402c-bc6e-5b985c0fb109 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a90**(XN:& ]Ɋ& !XXN:& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@XN:& ]Ɋ& !XXN:& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@XN:& ]Ɋ& !XXN:& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8XN:& ]Ɋ& !XXN:& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8XN:& ]Ɋ& !XXN:& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8XN:& ]Ɋ& !XXN:& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**XN:& ]Ɋ& !XN:& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e252f9-e0cc-43b1-ad1e-22dfdeae846f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**:& ]Ɋ& !:& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f4be6248-8ef3-4a69-aad1-6e52cb8a3df0 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e252f9-e0cc-43b1-ad1e-22dfdeae846f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**X<& ]Ɋ& !X<& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p<& ]Ɋ& !X<& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p<& ]Ɋ& !X<& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**h<& ]Ɋ& !X<& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**h<& ]Ɋ& !X<& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& X<& F&]Ɋ& meXM:"m F&e=ElfChnk44H/e~RMu=VysMc&&**p <& ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!X<& F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **<& ]Ɋ&  !<& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d41edf68-59a0-47d2-ab62-de487c4b0735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**II=& ]Ɋ& !II=& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84b17b2b-1b2a-4c76-845b-234f4d62099a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d41edf68-59a0-47d2-ab62-de487c4b0735 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**=& ]Ɋ& '!X=& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**=& ]Ɋ& ?!X=& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**=& ]Ɋ& ;!X=& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**=& ]Ɋ& 3!X=& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam** =& ]Ɋ& 3!X=&  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t ** =& ]Ɋ& 5!X=&  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0 =& ]Ɋ& !=&  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1847813f-f430-4ddc-a1e9-e71413d25dc0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=250**@ vz>& ]Ɋ& !vz>&  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5602721e-29a0-414d-8616-17bc05f74aed HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1847813f-f430-4ddc-a1e9-e71413d25dc0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@** d?C) ]Ɋ& )!Xd?C)  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**d?C) ]Ɋ& A!Xd?C) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**d?C) ]Ɋ& =!Xd?C) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**d?C) ]Ɋ& 5!Xd?C) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**d?C) ]Ɋ& 5!Xd?C) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**d?C) ]Ɋ& 7!Xd?C) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0d?C) ]Ɋ& !d?C) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c916dd0b-3f3a-4407-a2aa-1547b62526b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@pD) ]Ɋ& !pD) F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58962950-4d25-4271-91cb-e8253e02821a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c916dd0b-3f3a-4407-a2aa-1547b62526b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&@**XT:F) ]Ɋ& !XT:F) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pT:F) ]Ɋ& !XT:F) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hT:F) ]Ɋ& !XT:F) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`T:F) ]Ɋ& !XT:F) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+`**`T:F) ]Ɋ& !XT:F) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hT:F) ]Ɋ& !XT:F) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**T:F) ]Ɋ&  !T:F) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ea85415-3fb6-4dc5-90e5-4b3ba43b6bac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**F) ]Ɋ& !F) F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc678ae2-cea8-4ebf-baa0-2a0c888631a4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5ea85415-3fb6-4dc5-90e5-4b3ba43b6bac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8H) ]Ɋ& !XH) F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**PH) ]Ɋ& !XH) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**PH) ]Ɋ& !XH) F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**H H) ]Ɋ& !XH)  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H!H) ]Ɋ& !XH)! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9&H**H"H) ]Ɋ& !XH)" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**#H) ]Ɋ& !H)# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=060337ad-5b7f-43c0-a104-573c1940f0aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$H) ]Ɋ& !H)$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30bcb3b1-1e12-4c28-bb65-5c5ceb307ca1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=060337ad-5b7f-43c0-a104-573c1940f0aa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X%J) ]Ɋ& !XJ)% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p&J) ]Ɋ& !XJ)& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h'J) ]Ɋ& !XJ)' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`(J) ]Ɋ& !XJ)( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`)J) ]Ɋ& !XJ)) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`*J) ]Ɋ& !XJ)* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**+J) ]Ɋ& !J)+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2db819b9-af17-4ad4-8dd8-60017684b25b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**,K) ]Ɋ& !K), F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3daf8c17-2d25-49c3-940a-7c520af1d884 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2db819b9-af17-4ad4-8dd8-60017684b25b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(-K) ]Ɋ& !XK)- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@.K) ]Ɋ& !XK). F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@/K) ]Ɋ& !XK)/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**80K) ]Ɋ& !XK)0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**81K) ]Ɋ& !XK)1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**82K) ]Ɋ& !XK)2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**3K) ]Ɋ& !K)3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=faa4099a-6595-4f33-bfe1-be1d2c22e25c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4L) ]Ɋ& !L)4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9740d57-09ba-4b1a-9d87-7f9f6b65ae2c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=faa4099a-6595-4f33-bfe1-be1d2c22e25c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XU)5 F&X<& F&]Ɋ& meXM:"m F&e=ElfChnk5f5fHÃAMu=VysMc&&**` 5U) ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XU)5 F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p6U) ]Ɋ& !XU)6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p7U) ]Ɋ& !XU)7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h8U) ]Ɋ& !XU)8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h9U) ]Ɋ& !XU)9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h:U) ]Ɋ& !XU): F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**;U) ]Ɋ&  !U); F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eff907c2-0f8e-43c8-97ee-9bcc34150842 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**<4RV) ]Ɋ& !4RV)< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abf2f815-0654-4396-8273-894f16d222da HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eff907c2-0f8e-43c8-97ee-9bcc34150842 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**=X) ]Ɋ& '!XX)= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**>X) ]Ɋ& ?!XX)> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?X) ]Ɋ& ;!XX)? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-9**@X) ]Ɋ& 3!XX)@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**AX) ]Ɋ& 3!XX)A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=91c**BX) ]Ɋ& 5!XX)B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0CX) ]Ɋ& !X)C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=993ab861-d77d-43a6-9b69-d0c4db744cce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@D$MY) ]Ɋ& !$MY)D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=20e79017-ced9-455e-b202-6df2d25f971f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=993ab861-d77d-43a6-9b69-d0c4db744cce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Ete+ ]Ɋ& )!Xte+E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**Fte+ ]Ɋ& A!Xte+F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Gte+ ]Ɋ& =!Xte+G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**Hte+ ]Ɋ& 5!Xte+H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**Ite+ ]Ɋ& 5!Xte+I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Jte+ ]Ɋ& 7!Xte+J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0K[ e+ ]Ɋ& ![ e+K F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8f17ae8-1d60-4f7b-b887-6090ea4c5153 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@Le+ ]Ɋ& !e+L F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ccf3ea4d-e36f-4496-8bb2-16bbfe610141 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b8f17ae8-1d60-4f7b-b887-6090ea4c5153 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**XM>e+ ]Ɋ& !X>e+M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pN>e+ ]Ɋ& !X>e+N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hO>e+ ]Ɋ& !X>e+O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`P>e+ ]Ɋ& !X>e+P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`Q>e+ ]Ɋ& !X>e+Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hR>e+ ]Ɋ& !X>e+R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**S>e+ ]Ɋ&  !>e+S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da059051-47eb-4b80-84b6-366d086217eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**T>e+ ]Ɋ& !>e+T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2af1765-839d-448e-94c1-59529caff915 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=da059051-47eb-4b80-84b6-366d086217eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8U>e+ ]Ɋ& !X>e+U F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**PV>e+ ]Ɋ& !X>e+V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**PW>e+ ]Ɋ& !X>e+W F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**HX>e+ ]Ɋ& !X>e+X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**HY>e+ ]Ɋ& !X>e+Y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**HZ>e+ ]Ɋ& !X>e+Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**[>e+ ]Ɋ& !>e+[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7e98301-19b6-4eb9-a13f-677bfce8b2b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **\חe+ ]Ɋ& !חe+\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d6ef02d-d1c7-4800-a8bc-e610b8f4aa8a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7e98301-19b6-4eb9-a13f-677bfce8b2b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X]חe+ ]Ɋ& !Xחe+] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p^חe+ ]Ɋ& !Xחe+^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h_חe+ ]Ɋ& !Xחe+_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**``חe+ ]Ɋ& !Xחe+` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`aחe+ ]Ɋ& !Xחe+a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`bחe+ ]Ɋ& !Xחe+b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**cחe+ ]Ɋ& !חe+c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcc54537-35c7-4bc2-acec-a5f9c6595e5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**dחe+ ]Ɋ& !חe+d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=606efdec-05ad-4ece-ab59-d3fc8a408ce9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bcc54537-35c7-4bc2-acec-a5f9c6595e5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(eoe+ ]Ɋ& !Xoe+e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@foe+ ]Ɋ& !Xoe+f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& Xoe+g F&X<& F&]Ɋ& meXM:"m F&e=ElfChnkggP${Mu=VysMc&&**@ goe+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!Xoe+g F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8hoe+ ]Ɋ& !Xoe+h F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8ioe+ ]Ɋ& !Xoe+i F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8joe+ ]Ɋ& !Xoe+j F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**koe+ ]Ɋ& !oe+k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f02c04ac-9768-40c8-b15d-a3f20afcd342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**lLe+ ]Ɋ& !Le+l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e136737d-31e4-4df5-b97e-bfe9ca3d0138 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f02c04ac-9768-40c8-b15d-a3f20afcd342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xm<e+ ]Ɋ& !X<e+m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pn<e+ ]Ɋ& !X<e+n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**po<e+ ]Ɋ& !X<e+o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hp<e+ ]Ɋ& !X<e+p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hq<e+ ]Ɋ& !X<e+q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hr<e+ ]Ɋ& !X<e+r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**s<e+ ]Ɋ&  !<e+s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca0d09a5-212a-48c4-8558-dfe0c4676701 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**tӛe+ ]Ɋ& !ӛe+t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ce4f147-6d1a-4096-b856-da8b340ed53f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca0d09a5-212a-48c4-8558-dfe0c4676701 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**u͝e+ ]Ɋ& '!X͝e+u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**v͝e+ ]Ɋ& ?!X͝e+v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**w͝e+ ]Ɋ& ;!X͝e+w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-44**x͝e+ ]Ɋ& 3!X͝e+x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****y͝e+ ]Ɋ& 3!X͝e+y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=496**z͝e+ ]Ɋ& 5!X͝e+z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0{͝e+ ]Ɋ& !͝e+{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9940351f-ac67-4a19-a8a4-f1bbeb7cbe61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@|-e+ ]Ɋ& !-e+| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=878a1ee7-ad5e-4bfe-bf38-10a0c2057ede HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9940351f-ac67-4a19-a8a4-f1bbeb7cbe61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**}- ]Ɋ& )!X-} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**~- ]Ɋ& A!X-~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**- ]Ɋ& =!X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**- ]Ɋ& 5!X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**- ]Ɋ& 5!X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9**- ]Ɋ& 7!X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0- ]Ɋ& !- F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9cddeb9d-0ca3-4fb2-b797-4729316d77e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@w[- ]Ɋ& !w[- F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eb8db2a8-7382-47cb-9ee2-a36fb1600e41 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9cddeb9d-0ca3-4fb2-b797-4729316d77e7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`- ]Ɋ& !X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acec1f34-cd99-4fdb-a80d-4aab2b761f72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**- ]Ɋ& !- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be5fc527-4db4-4841-8ff2-78d46b85cd4b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=acec1f34-cd99-4fdb-a80d-4aab2b761f72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8- ]Ɋ& !X- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P- ]Ɋ& !X- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H- ]Ɋ& !X- F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H- ]Ɋ& !X- F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H- ]Ɋ& !X- F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**- ]Ɋ& !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848f35d-ffd8-4025-ac93-903e40bccaaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**- ]Ɋ& !- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=abb85856-cc60-4572-b314-c3ec64e013a7 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848f35d-ffd8-4025-ac93-903e40bccaaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X;%- ]Ɋ& !X;%- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e+X**p;%- ]Ɋ& !X;%- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h;%- ]Ɋ& !X;%- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X;%- F&CommandPath= CommandLine= @riptName=  ]Ɋ& Xoe+g F&X<& F&]Ɋ& meXM:"m F&e=ElfChnkXF LMu=VysMc&&**h;%- ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X;%- F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`;%- ]Ɋ& !X;%- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`;%- ]Ɋ& !X;%- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**;%- ]Ɋ& !;%- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8944ee54-53a7-4dfd-810d-d46d04dce960 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **;%- ]Ɋ& !;%- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e221608-8694-474e-bf40-e58d31ec087b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8944ee54-53a7-4dfd-810d-d46d04dce960 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(ѽ- ]Ɋ& !Xѽ- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@ѽ- ]Ɋ& !Xѽ- F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@ѽ- ]Ɋ& !Xѽ- F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8ѽ- ]Ɋ& !Xѽ- F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8ѽ- ]Ɋ& !Xѽ- F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8ѽ- ]Ɋ& !Xѽ- F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**ѽ- ]Ɋ& !ѽ- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2703e5db-328e-4df8-8338-19f6a5bc9413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**hV- ]Ɋ& !hV- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b242b3d-bc34-4583-90a0-52814bcdf31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2703e5db-328e-4df8-8338-19f6a5bc9413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X+ - ]Ɋ& !X+ - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p+ - ]Ɋ& !X+ - F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p+ - ]Ɋ& !X+ - F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h+ - ]Ɋ& !X+ - F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h+ - ]Ɋ& !X+ - F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h+ - ]Ɋ& !X+ - F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=87h**+ - ]Ɋ&  !+ - F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5bf87ce9-b76c-4f7e-9cf6-9328323ee800 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **+ - ]Ɋ& !+ - F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50d27891-ae46-4803-855b-f4e3a9bc060f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5bf87ce9-b76c-4f7e-9cf6-9328323ee800 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**¸- ]Ɋ& '!X¸- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**¸- ]Ɋ& ?!X¸- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**¸- ]Ɋ& ;!X¸- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**¸- ]Ɋ& 3!X¸- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**¸- ]Ɋ& 3!X¸- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**¸- ]Ɋ& 5!X¸- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0¸- ]Ɋ& !¸- F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1edb95ab-7da3-4247-a92e-d4397bce6c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d70**@XQ- ]Ɋ& !XQ- F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8db0155f-f236-4008-9ec0-c3772b2c9747 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1edb95ab-7da3-4247-a92e-d4397bce6c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**!+0 ]Ɋ& )!X!+0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!+0 ]Ɋ& A!X!+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**!+0 ]Ɋ& =!X!+0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **!+0 ]Ɋ& 5!X!+0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**!+0 ]Ɋ& 5!X!+0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**!+0 ]Ɋ& 7!X!+0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0!+0 ]Ɋ& !!+0 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cbad6ae4-3fef-403a-9050-4445175d7287 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@j+0 ]Ɋ& !j+0 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=69c0ae19-b4ae-4331-a5a6-0c9d83b6e422 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cbad6ae4-3fef-403a-9050-4445175d7287 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==be@**XH+0 ]Ɋ& !XH+0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**pH+0 ]Ɋ& !XH+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**hH+0 ]Ɋ& !XH+0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`H+0 ]Ɋ& !XH+0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`H+0 ]Ɋ& !XH+0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2`**hH+0 ]Ɋ& !XH+0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4e01h**x+0 ]Ɋ&  !x+0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2ccf0bf-f4c0-48d5-aa86-b21cb474789f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**x+0 ]Ɋ& !x+0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8c273ced-72c5-4f48-8d92-4ab715f9741b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2ccf0bf-f4c0-48d5-aa86-b21cb474789f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8C+0 ]Ɋ& !XC+0 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**PC+0 ]Ɋ& !XC+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**PC+0 ]Ɋ& !XC+0 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ec08P**HC+0 ]Ɋ& !XC+0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& "XC+0 ElfChnkHƍ1iMu=VysMc&&**HC+0 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XC+0 F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**HC+0 ]Ɋ& !XC+0 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**C+0 ]Ɋ& !C+0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a256a14-f187-43a1-823b-91e7333cc4b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**C+0 ]Ɋ& !C+0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d634c35-b6a0-4e9b-807c-33cc4204f74a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a256a14-f187-43a1-823b-91e7333cc4b0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Xh+0 ]Ɋ& !Xh+0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**ph+0 ]Ɋ& !Xh+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hh+0 ]Ɋ& !Xh+0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`h+0 ]Ɋ& !Xh+0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`h+0 ]Ɋ& !Xh+0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`h+0 ]Ɋ& !Xh+0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h+0 ]Ɋ& !h+0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9458115-1890-4056-b028-b31e630aedc0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h+0 ]Ɋ& !h+0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8f167322-cf1f-4af8-9f41-dcc294e9019e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b9458115-1890-4056-b028-b31e630aedc0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **( +0 ]Ɋ& !X +0 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@ +0 ]Ɋ& !X +0 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@ +0 ]Ɋ& !X +0 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8 +0 ]Ɋ& !X +0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8 +0 ]Ɋ& !X +0 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8 +0 ]Ɋ& !X +0 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** +0 ]Ɋ& ! +0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aba7c052-3f75-4e0f-ad8d-d86562868d3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>+0 ]Ɋ& !>+0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6dd8ca9d-d353-4551-a3a1-7ce8660d8292 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aba7c052-3f75-4e0f-ad8d-d86562868d3c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X+0 ]Ɋ& !X+0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p+0 ]Ɋ& !X+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p+0 ]Ɋ& !X+0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h+0 ]Ɋ& !X+0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h+0 ]Ɋ& !X+0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h+0 ]Ɋ& !X+0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**+0 ]Ɋ&  !+0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5153eb7e-0ec3-4d49-a67f-ebe119b04f93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+0 ]Ɋ& !+0 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bff34f11-43b9-4bd9-b5f1-a43793b9aec8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5153eb7e-0ec3-4d49-a67f-ebe119b04f93 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**9+0 ]Ɋ& '!X9+0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9+0 ]Ɋ& ?!X9+0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**9+0 ]Ɋ& ;!X9+0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**9+0 ]Ɋ& 3!X9+0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **9+0 ]Ɋ& 3!X9+0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**9+0 ]Ɋ& 5!X9+0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**09+0 ]Ɋ& !9+0 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=15b0a469-1d40-430d-bc1c-fa1d367b9671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@j+0 ]Ɋ& !j+0 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc5c6d08-fad0-41dd-8f30-53238df7c3e1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=15b0a469-1d40-430d-bc1c-fa1d367b9671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-444@**w2 ]Ɋ& )!Xw2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**w2 ]Ɋ& A!Xw2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**w2 ]Ɋ& =!Xw2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4a**w2 ]Ɋ& 5!Xw2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**w2 ]Ɋ& 5!Xw2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**w2 ]Ɋ& 7!Xw2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0w2 ]Ɋ& !w2 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b94f6f6-0820-4963-8c71-9251ea7572cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@w2 ]Ɋ& !w2 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9ac61786-8ce8-435c-97c4-712668aea7ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b94f6f6-0820-4963-8c71-9251ea7572cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**Xw2 ]Ɋ& !Xw2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pw2 ]Ɋ& !Xw2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hw2 ]Ɋ& !Xw2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`w2 ]Ɋ& !Xw2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`w2 ]Ɋ& !Xw2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& Xw2 F& ElfChnk**t -l]YMu=VysMc&&**hw2 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!Xw2 F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**\w2 ]Ɋ&  !\w2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b7f277b-4a05-4b18-8eed-a3f22efb9383 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ҹ**\w2 ]Ɋ& !\w2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4667e300-84e2-482b-9a0f-ad933674a1bf HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5b7f277b-4a05-4b18-8eed-a3f22efb9383 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8-w2 ]Ɋ& !X-w2 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P-w2 ]Ɋ& !X-w2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P-w2 ]Ɋ& !X-w2 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**H-w2 ]Ɋ& !X-w2 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H-w2 ]Ɋ& !X-w2 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H-w2 ]Ɋ& !X-w2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**-w2 ]Ɋ& !-w2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d4fd230-352c-41cc-87cc-2d416c4ee3c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**-w2 ]Ɋ& !-w2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfc71836-931c-42e6-9d10-ad19655d50e0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4d4fd230-352c-41cc-87cc-2d416c4ee3c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xw2 ]Ɋ& !Xw2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pw2 ]Ɋ& !Xw2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hw2 ]Ɋ& !Xw2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`w2 ]Ɋ& !Xw2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**` w2 ]Ɋ& !Xw2  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**` w2 ]Ɋ& !Xw2  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** w2 ]Ɋ& !w2  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=536fadcb-4413-4a25-806a-48611507c64a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** w2 ]Ɋ& !w2  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceb5379c-ca96-48d5-bbbd-811afb8eda3a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=536fadcb-4413-4a25-806a-48611507c64a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**( _w2 ]Ɋ& !X _w2  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@ _w2 ]Ɋ& !X _w2 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@ _w2 ]Ɋ& !X _w2 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8 _w2 ]Ɋ& !X _w2 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8 _w2 ]Ɋ& !X _w2 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8 _w2 ]Ɋ& !X _w2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** _w2 ]Ɋ& ! _w2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=95504237-e560-435f-a1a8-dff5eeba8b08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**w2 ]Ɋ& !w2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=da4880e1-8d60-4c1a-a2fe-ddf963952fd5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=95504237-e560-435f-a1a8-dff5eeba8b08 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Xw2 ]Ɋ& !Xw2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pw2 ]Ɋ& !Xw2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pw2 ]Ɋ& !Xw2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hw2 ]Ɋ& !Xw2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hw2 ]Ɋ& !Xw2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hw2 ]Ɋ& !Xw2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**w2 ]Ɋ&  !w2 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e62eba12-692d-4de1-8687-d92a205c6310 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**=w2 ]Ɋ& !=w2 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8605ca33-e04a-4020-bfb9-0b948d1495b1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e62eba12-692d-4de1-8687-d92a205c6310 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**=w2 ]Ɋ& '!X=w2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**=w2 ]Ɋ& ?!X=w2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**=w2 ]Ɋ& ;!X=w2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide** =w2 ]Ɋ& 3!X=w2  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **!=w2 ]Ɋ& 3!X=w2! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**"=w2 ]Ɋ& 5!X=w2" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0#=w2 ]Ɋ& !=w2# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80921cb2-c0b6-407b-976f-19f1422c2b9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@$jw2 ]Ɋ& !jw2$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b90ebc36-b987-42c6-ab7b-76dbca1e6877 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80921cb2-c0b6-407b-976f-19f1422c2b9e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=572c@**%4 ]Ɋ& )!X4% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**&4 ]Ɋ& A!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**'4 ]Ɋ& =!X4' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a1**(4 ]Ɋ& 5!X4( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**)4 ]Ɋ& 5!X4) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk+Z+Z")F\&Mu=VysMc&&**8+M4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !M4+ F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09e7b28e-f81a-41ad-b235-6c3e6bd224f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@,4 ]Ɋ& !4, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09e7b28e-f81a-41ad-b235-6c3e6bd224f6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X-4 ]Ɋ& !X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p.4 ]Ɋ& !X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h/4 ]Ɋ& !X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`04 ]Ɋ& !X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`14 ]Ɋ& !X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h24 ]Ɋ& !X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**34 ]Ɋ&  !43 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ac09ce8-f990-489b-a340-ac26c08b7276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**4B~4 ]Ɋ& !B~44 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=910e749b-1ee5-4f85-83cb-4a1c7b35df73 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ac09ce8-f990-489b-a340-ac26c08b7276 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**85B~4 ]Ɋ& !XB~45 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P6B~4 ]Ɋ& !XB~46 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P7B~4 ]Ɋ& !XB~47 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H8B~4 ]Ɋ& !XB~48 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H9B~4 ]Ɋ& !XB~49 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H:B~4 ]Ɋ& !XB~4: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**;B~4 ]Ɋ& !B~4; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e9620d1-d0df-47bb-82f9-1cd25b8cffd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**<B~4 ]Ɋ& !B~4< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=793bd4d7-2808-4461-b762-61b5c3fb4c34 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e9620d1-d0df-47bb-82f9-1cd25b8cffd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X=4 ]Ɋ& !X4= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==536X**p>4 ]Ɋ& !X4> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h?4 ]Ɋ& !X4? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`@4 ]Ɋ& !X4@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`A4 ]Ɋ& !X4A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`B4 ]Ɋ& !X4B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**C4 ]Ɋ& !4C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fea01db3-1865-4172-b648-a92721120ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**D4 ]Ɋ& !4D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f28c8183-aa5f-420f-a7f4-fd6c41b1531a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fea01db3-1865-4172-b648-a92721120ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(E4 ]Ɋ& !X4E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@F4 ]Ɋ& !X4F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@G4 ]Ɋ& !X4G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8H4 ]Ɋ& !X4H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8I4 ]Ɋ& !X4I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8J4 ]Ɋ& !X4J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**K4 ]Ɋ& !4K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3122edd7-107f-4275-9610-9572e0a177c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**LH4 ]Ɋ& !H4L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2ca63b74-8e0f-4b49-98cc-079c89bf7261 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3122edd7-107f-4275-9610-9572e0a177c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XM4 ]Ɋ& !X4M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pN4 ]Ɋ& !X4N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pO4 ]Ɋ& !X4O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hP4 ]Ɋ& !X4P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hQ4 ]Ɋ& !X4Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hR4 ]Ɋ& !X4R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**S4 ]Ɋ&  !4S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3286dfd-4c82-4560-bc48-79c8bb87fe59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T3y4 ]Ɋ& !3y4T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0f5938fa-0ab4-46b5-89b1-2e33801de029 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d3286dfd-4c82-4560-bc48-79c8bb87fe59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**U4 ]Ɋ& '!X4U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**V4 ]Ɋ& ?!X4V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**W4 ]Ɋ& ;!X4W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X4 ]Ɋ& 3!X4X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**Y4 ]Ɋ& 3!X4Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z4 ]Ɋ& 5!X4Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 354[ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk[[H>˵Mu=VysMc&&**8 [4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !4[ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9d33c79-65de-493d-b074-1ec6d7e59c0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e-c8 **@\`4 ]Ɋ& !`4\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1c22c29-078f-4305-8c90-bedd87f14846 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9d33c79-65de-493d-b074-1ec6d7e59c0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**]W>7 ]Ɋ& )!XW>7] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**^W>7 ]Ɋ& A!XW>7^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **_W>7 ]Ɋ& =!XW>7_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **`W>7 ]Ɋ& 5!XW>7` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=85**aW>7 ]Ɋ& 5!XW>7a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**bW>7 ]Ɋ& 7!XW>7b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0cW>7 ]Ɋ& !W>7c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc1cca49-277a-48a1-bb66-a1b3223f7105 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dX>7 ]Ɋ& !X>7d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c38c4f47-d0ee-472c-873e-ee4d6e851db3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc1cca49-277a-48a1-bb66-a1b3223f7105 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XeX>7 ]Ɋ& !XX>7e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6X**pfX>7 ]Ɋ& !XX>7f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hgX>7 ]Ɋ& !XX>7g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`hX>7 ]Ɋ& !XX>7h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`iX>7 ]Ɋ& !XX>7i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hjX>7 ]Ɋ& !XX>7j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4h**kX>7 ]Ɋ&  !X>7k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9124dd96-ef74-4efa-bb69-9bb34cf417d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**lXY>7 ]Ɋ& !XY>7l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6684acc4-df63-4cd7-9387-9e4ec99382f0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9124dd96-ef74-4efa-bb69-9bb34cf417d6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8mXY>7 ]Ɋ& !XXY>7m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PnXY>7 ]Ɋ& !XXY>7n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PoXY>7 ]Ɋ& !XXY>7o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**HpXY>7 ]Ɋ& !XXY>7p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HqXY>7 ]Ɋ& !XXY>7q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HrXY>7 ]Ɋ& !XXY>7r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**sXY>7 ]Ɋ& !XY>7s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aac54807-47a4-4a35-9976-68ab03885347 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tXY>7 ]Ɋ& !XY>7t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1562ef82-019b-47e2-8883-823d8d3183b1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aac54807-47a4-4a35-9976-68ab03885347 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XuZ>7 ]Ɋ& !XZ>7u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pvZ>7 ]Ɋ& !XZ>7v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hwZ>7 ]Ɋ& !XZ>7w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`xZ>7 ]Ɋ& !XZ>7x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3b`**`yZ>7 ]Ɋ& !XZ>7y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`zZ>7 ]Ɋ& !XZ>7z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**{Z>7 ]Ɋ& !Z>7{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1227af50-16ef-4a01-bd2f-d5422e910910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**|Z>7 ]Ɋ& !Z>7| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=85c05423-e021-435d-a8de-21982bc145cf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1227af50-16ef-4a01-bd2f-d5422e910910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(}Z>7 ]Ɋ& !XZ>7} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@~Z>7 ]Ɋ& !XZ>7~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@Z>7 ]Ɋ& !XZ>7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8Z>7 ]Ɋ& !XZ>7 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8Z>7 ]Ɋ& !XZ>7 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Z>7 ]Ɋ& !XZ>7 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**Z>7 ]Ɋ& !Z>7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f15f64e5-8b05-469a-b5ed-8c1439e93f6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**K[>7 ]Ɋ& !K[>7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfd73ac0-4fd6-48f0-b333-076f5288d38c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f15f64e5-8b05-469a-b5ed-8c1439e93f6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X]>7 ]Ɋ& !X]>7 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p]>7 ]Ɋ& !X]>7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p]>7 ]Ɋ& !X]>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h]>7 ]Ɋ& !X]>7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h]>7 ]Ɋ& !X]>7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h]>7 ]Ɋ& !X]>7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**]>7 ]Ɋ&  !]>7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a2419-3a68-43e0-898c-73a8b9b7c502 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**v]>7 ]Ɋ& !v]>7 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=422e6304-a7e9-4d34-a4c4-ebaefc34a957 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=855a2419-3a68-43e0-898c-73a8b9b7c502 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=354 ]Ɋ&  CXv]>7 F&ommandPath= CommandLine=wP***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=708b72de-cbfe-40ec-b198-0d3225999f0b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(a=3@Mu=VysMc&&** v]>7 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xv]>7 F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **v]>7 ]Ɋ& ?!Xv]>7 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**v]>7 ]Ɋ& ;!Xv]>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **v]>7 ]Ɋ& 3!Xv]>7 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**v]>7 ]Ɋ& 3!Xv]>7 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**v]>7 ]Ɋ& 5!Xv]>7 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0v]>7 ]Ɋ& !v]>7 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dee79ac-a0aa-4bda-a5df-5617d94625f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@ F^>7 ]Ɋ& ! F^>7 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6760d37a-5428-4f9c-8b5b-6b5dc7b52961 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5dee79ac-a0aa-4bda-a5df-5617d94625f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**d9 ]Ɋ& )!Xd9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**d9 ]Ɋ& A!Xd9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**d9 ]Ɋ& =!Xd9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d7**d9 ]Ɋ& 5!Xd9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**d9 ]Ɋ& 5!Xd9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**d9 ]Ɋ& 7!Xd9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0d9 ]Ɋ& !d9 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55cb1f51-34eb-4ad3-be16-6a6eba38c3c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@9 ]Ɋ& !9 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61e9291b-2965-4d61-be1e-b2a6b81a8ade HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55cb1f51-34eb-4ad3-be16-6a6eba38c3c4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**XP9 ]Ɋ& !XP9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pP9 ]Ɋ& !XP9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hP9 ]Ɋ& !XP9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`P9 ]Ɋ& !XP9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`P9 ]Ɋ& !XP9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hP9 ]Ɋ& !XP9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XYh**P9 ]Ɋ&  !P9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3ded25-d5ab-4c65-a489-6b6356fbda6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T鍊9 ]Ɋ& !T鍊9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=32f925af-1073-40df-98bf-312dd3933205 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3ded25-d5ab-4c65-a489-6b6356fbda6d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8끎9 ]Ɋ& !X끎9 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P끎9 ]Ɋ& !X끎9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ZP**P끎9 ]Ɋ& !X끎9 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H끎9 ]Ɋ& !X끎9 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H끎9 ]Ɋ& !X끎9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H끎9 ]Ɋ& !X끎9 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**끎9 ]Ɋ& !끎9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fba89da-366b-4ceb-bead-b0c352dc8a66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **끎9 ]Ɋ& !끎9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4cb45cc3-47cb-45a5-b3ea-c50c6660e79b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3fba89da-366b-4ceb-bead-b0c352dc8a66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X9 ]Ɋ& !X9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p9 ]Ɋ& !X9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h9 ]Ɋ& !X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`9 ]Ɋ& !X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`9 ]Ɋ& !X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**9 ]Ɋ& !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e2c0759-8282-45f6-bfe3-cfc1b0c57aae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**9 ]Ɋ& !9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50bf408f-59b8-4258-b6c6-fa0e1b2f73fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1e2c0759-8282-45f6-bfe3-cfc1b0c57aae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(9 ]Ɋ& !X9 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@9 ]Ɋ& !X9 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@9 ]Ɋ& !X9 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bae@**89 ]Ɋ& !X9 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**89 ]Ɋ& !X9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**89 ]Ɋ& !X9 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**9 ]Ɋ& !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bec41aeb-b2bf-4111-bf5b-2977f9e7b428 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**K9 ]Ɋ& !K9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b6d5c457-9ca5-4be1-b5a2-2caf101cfe2a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=bec41aeb-b2bf-4111-bf5b-2977f9e7b428 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X|9 ]Ɋ& !X|9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p|9 ]Ɋ& !X|9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p|9 ]Ɋ& !X|9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 8-X|9 F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk.`!?5Mu=VysMc&&**h |9 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X|9 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h|9 ]Ɋ& !X|9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h|9 ]Ɋ& !X|9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**|9 ]Ɋ&  !|9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38d831dc-6e52-4111-88a9-de24e25c8fd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**r9 ]Ɋ& !r9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83f37402-627e-4089-a3c1-053db16336bf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38d831dc-6e52-4111-88a9-de24e25c8fd7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**r9 ]Ɋ& '!Xr9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**r9 ]Ɋ& ?!Xr9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**r9 ]Ɋ& ;!Xr9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**r9 ]Ɋ& 3!Xr9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**r9 ]Ɋ& 3!Xr9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**r9 ]Ɋ& 5!Xr9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0r9 ]Ɋ& !r9 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb801e2-95f9-4db6-ad81-eea2531bdd5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@9 ]Ɋ& !9 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6143f3e7-4443-40bf-8b29-5ba0bb4443c1 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=deb801e2-95f9-4db6-ad81-eea2531bdd5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@** ; ]Ɋ& )!X ; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ; ]Ɋ& A!X ; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line** ; ]Ɋ& =!X ; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm** ; ]Ɋ& 5!X ; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g ** ; ]Ɋ& 5!X ; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na** ; ]Ɋ& 7!X ; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0 ; ]Ɋ& ! ; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=698f0d6a-c292-4bba-a964-42b4392ecc4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@{; ]Ɋ& !{; F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ebd3e2f7-435c-4eb4-bb8b-3df785a518a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=698f0d6a-c292-4bba-a964-42b4392ecc4b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X;; ]Ɋ& !X;; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p;; ]Ɋ& !X;; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h;; ]Ɋ& !X;; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`;; ]Ɋ& !X;; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`;; ]Ɋ& !X;; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h;; ]Ɋ& !X;; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**;; ]Ɋ&  !;; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d9f77de-be44-4e9d-96fa-08c6d4cb1de8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**;; ]Ɋ& !;; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7dec527b-55bc-4dac-bf8d-206177900e6a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d9f77de-be44-4e9d-96fa-08c6d4cb1de8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8; ]Ɋ& !X; F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-8**P; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8fP**P; ]Ɋ& !X; F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H; ]Ɋ& !X; F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H; ]Ɋ& !X; F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H; ]Ɋ& !X; F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb56c6fa-8a93-4388-bb8f-b1626c8bd998 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4386da0-197b-4c54-8ab7-7d5014bba4aa HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fb56c6fa-8a93-4388-bb8f-b1626c8bd998 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X?l; ]Ɋ& !X?l; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p?l; ]Ɋ& !X?l; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?l; ]Ɋ& !X?l; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`?l; ]Ɋ& !X?l; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`?l; ]Ɋ& !X?l; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`?l; ]Ɋ& !X?l; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**?l; ]Ɋ& !?l; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=423594bf-1051-4770-825d-e7ee56349392 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**?l; ]Ɋ& !?l; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7b493389-6910-409f-b55a-cd04151b1fc8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=423594bf-1051-4770-825d-e7ee56349392 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(?l; ]Ɋ& !X?l; F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@?l; ]Ɋ& !X?l; F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?l; ]Ɋ& !X?l; F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8?l; ]Ɋ& !X?l; F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8?l; ]Ɋ& !X?l; F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8?l; ]Ɋ& !X?l; F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnk$$@Ofo3Mu=VysMc&&** ?l; ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!?l; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9bf6a789-4b3e-4f8e-b55b-3df5c12c3979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=640ffe02-bff7-42a7-9fff-fe69d4af60b5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9bf6a789-4b3e-4f8e-b55b-3df5c12c3979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**X6; ]Ɋ& !X6; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p6; ]Ɋ& !X6; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**p6; ]Ɋ& !X6; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**h6; ]Ɋ& !X6; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**h6; ]Ɋ& !X6; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h6; ]Ɋ& !X6; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**6; ]Ɋ&  !6; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b68da0-a530-4cc0-a7cc-b62e98421a88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd655029-4b36-431a-8fae-d8a8713529d4 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46b68da0-a530-4cc0-a7cc-b62e98421a88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**; ]Ɋ& '!X; F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**; ]Ɋ& ?!X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**; ]Ɋ& ;!X; F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**; ]Ɋ& 3!X; F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**; ]Ɋ& 3!X; F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**; ]Ɋ& 5!X; F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0; ]Ɋ& !; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a5f312-37a1-4e53-9113-c0ca704c2261 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@; ]Ɋ& !; F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e51b4493-0377-4c88-b4ed-f95822d77914 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a2a5f312-37a1-4e53-9113-c0ca704c2261 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**[P> ]Ɋ& )!X[P> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**[P> ]Ɋ& A!X[P> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ac-b**[P> ]Ɋ& =!X[P> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**[P> ]Ɋ& 5!X[P> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** [P> ]Ɋ& 5!X[P>  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** [P> ]Ɋ& 7!X[P>  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0 [P> ]Ɋ& ![P>  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e15d9280-f5c7-48e6-b12b-25f480f9e845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@ P> ]Ɋ& !P>  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef873430-0306-4a8e-8044-109e5d7b215f HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e15d9280-f5c7-48e6-b12b-25f480f9e845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**X P> ]Ɋ& !XP>  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**pP> ]Ɋ& !XP> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**hP> ]Ɋ& !XP> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**`P> ]Ɋ& !XP> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`P> ]Ɋ& !XP> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hP> ]Ɋ& !XP> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**P> ]Ɋ&  !P> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad77b06d-8609-4b6f-90bc-4b7685b67546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**P> ]Ɋ& !P> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=061b1f09-9853-44ac-a67a-90e70103ffa3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ad77b06d-8609-4b6f-90bc-4b7685b67546 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8IP> ]Ɋ& !XIP> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**PIP> ]Ɋ& !XIP> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**PIP> ]Ɋ& !XIP> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**HIP> ]Ɋ& !XIP> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HIP> ]Ɋ& !XIP> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**HIP> ]Ɋ& !XIP> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**IP> ]Ɋ& !IP> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af188d-d2eb-4473-855b-55dd0dcbf32c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**IP> ]Ɋ& !IP> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=501ab015-2382-4c9d-bfd9-8308fd3c05b0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=13af188d-d2eb-4473-855b-55dd0dcbf32c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XKP> ]Ɋ& !XKP> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pKP> ]Ɋ& !XKP> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hKP> ]Ɋ& !XKP> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**` KP> ]Ɋ& !XKP>  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`!KP> ]Ɋ& !XKP>! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`"KP> ]Ɋ& !XKP>" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#KP> ]Ɋ& !KP># F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0cbebdb2-1329-417a-a099-9f9f65abb7d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**$KP> ]Ɋ& !KP>$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b6e5c51-2de9-4560-89d0-34c6b537eb46 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0cbebdb2-1329-417a-a099-9f9f65abb7d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXzP>% F&ndPath= CommandLine=8F& ElfChnk%U%U>)$~Mu=VysMc&&**0 %zP> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XzP>% F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@&zP> ]Ɋ& !XzP>& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@'zP> ]Ɋ& !XzP>' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8(zP> ]Ɋ& !XzP>( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8)zP> ]Ɋ& !XzP>) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4 8**8*zP> ]Ɋ& !XzP>* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**+zP> ]Ɋ& !zP>+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2755658c-17cb-412a-8a2e-57558b4a2299 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**,xP> ]Ɋ& !xP>, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0405e1f2-f27f-4844-9c89-c3e23231ebda HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2755658c-17cb-412a-8a2e-57558b4a2299 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X-uP> ]Ɋ& !XuP>- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p.uP> ]Ɋ& !XuP>. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**p/uP> ]Ɋ& !XuP>/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**h0uP> ]Ɋ& !XuP>0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h1uP> ]Ɋ& !XuP>1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**h2uP> ]Ɋ& !XuP>2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**3uP> ]Ɋ&  !uP>3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45860ba4-5a72-4cc2-8434-617c38cbc511 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**4iP> ]Ɋ& !iP>4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b23ea72-a9f4-48bb-91a3-f027cc88e485 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=45860ba4-5a72-4cc2-8434-617c38cbc511 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=493-**5P> ]Ɋ& '!XP>5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**6P> ]Ɋ& ?!XP>6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**7P> ]Ɋ& ;!XP>7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8P> ]Ɋ& 3!XP>8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**9P> ]Ɋ& 3!XP>9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **:P> ]Ɋ& 5!XP>: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0;P> ]Ɋ& !P>; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a6d13606-258e-4c21-8bb4-b0c9b94f1c96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@<?P> ]Ɋ& !?P>< F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12da8e9d-d7c7-473a-b9c7-0425eb47d741 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a6d13606-258e-4c21-8bb4-b0c9b94f1c96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**=0@ ]Ɋ& )!X0@= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**>0@ ]Ɋ& A!X0@> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**?0@ ]Ɋ& =!X0@? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**@0@ ]Ɋ& 5!X0@@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9**A0@ ]Ɋ& 5!X0@A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**B0@ ]Ɋ& 7!X0@B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0C@ ]Ɋ& !@C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d223dc-f7d8-48c2-9448-01aa7424b73a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@D'b@ ]Ɋ& !'b@D F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f0e8a2e-1989-4da9-a1ba-1bac5b05629e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23d223dc-f7d8-48c2-9448-01aa7424b73a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XE@ ]Ɋ& !X@E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pF@ ]Ɋ& !X@F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG@ ]Ɋ& !X@G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`H@ ]Ɋ& !X@H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`I@ ]Ɋ& !X@I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hJ@ ]Ɋ& !X@J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**K@ ]Ɋ&  !@K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67368d88-e7a1-4cde-9569-2e8d2b8bc5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**L@ ]Ɋ& !@L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7b5eed6-ff3a-4796-b97e-2e352438f225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67368d88-e7a1-4cde-9569-2e8d2b8bc5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8M@ ]Ɋ& !X@M F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PN@ ]Ɋ& !X@N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PO@ ]Ɋ& !X@O F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HP@ ]Ɋ& !X@P F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HQ@ ]Ɋ& !X@Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HR@ ]Ɋ& !X@R F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**ST@ ]Ɋ& !T@S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aea226ec-a178-4003-a04a-61065d9e3673 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TT@ ]Ɋ& !T@T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=18a7724d-0dcd-4a12-996b-ab82508b0f49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aea226ec-a178-4003-a04a-61065d9e3673 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XUT@ ]Ɋ& !XT@U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& XT@V F& F&ndPath= CommandLine=8F& ElfChnkVV@"d`aMu=VysMc&&**pVT@ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!XT@V F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**hWT@ ]Ɋ& !XT@W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`XT@ ]Ɋ& !XT@X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`YT@ ]Ɋ& !XT@Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e1`**`ZT@ ]Ɋ& !XT@Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**[T@ ]Ɋ& !T@[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e3de57-83c5-4c5d-b9c8-013563d9d131 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\T@ ]Ɋ& !T@\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8ac2e9a0-eb3a-4ebb-917a-2cba30b288c4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e3de57-83c5-4c5d-b9c8-013563d9d131 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+**(]+@ ]Ɋ& !X+@] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@^+@ ]Ɋ& !X+@^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@_+@ ]Ɋ& !X+@_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8`+@ ]Ɋ& !X+@` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8a+@ ]Ɋ& !X+@a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8b+@ ]Ɋ& !X+@b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**c+@ ]Ɋ& !+@c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34f26626-5d4c-4a62-97a1-f8ab4eeeef61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**d@ ]Ɋ& !@d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2233394-0a2d-4bf7-ac1b-1efc652c7961 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=34f26626-5d4c-4a62-97a1-f8ab4eeeef61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**Xe&@ ]Ɋ& !X&@e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pf&@ ]Ɋ& !X&@f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5p**pg&@ ]Ɋ& !X&@g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**hh&@ ]Ɋ& !X&@h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hi&@ ]Ɋ& !X&@i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hj&@ ]Ɋ& !X&@j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**k&@ ]Ɋ&  !&@k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607ed2f7-835f-4747-a306-d3a7a5621e63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **lq@ ]Ɋ& !q@l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fd7f2644-215d-46e5-91ee-6f9d71b56a64 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=607ed2f7-835f-4747-a306-d3a7a5621e63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-473**mX@ ]Ɋ& '!XX@m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**nX@ ]Ɋ& ?!XX@n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**oX@ ]Ɋ& ;!XX@o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**pX@ ]Ɋ& 3!XX@p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**qX@ ]Ɋ& 3!XX@q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**rX@ ]Ɋ& 5!XX@r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0sX@ ]Ɋ& !X@s F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c398273a-71e1-4e88-ad5d-b09278652357 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@t@ ]Ɋ& !@t F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b210f05-d74d-402f-93fc-7a7f5397fe30 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c398273a-71e1-4e88-ad5d-b09278652357 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**uc/B ]Ɋ& )!Xc/Bu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**vc/B ]Ɋ& A!Xc/Bv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**wc/B ]Ɋ& =!Xc/Bw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **xc/B ]Ɋ& 5!Xc/Bx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=96**yc/B ]Ɋ& 5!Xc/By F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**zc/B ]Ɋ& 7!Xc/Bz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0{c/B ]Ɋ& !c/B{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=861ec69b-ce31-42f5-b6f8-1333e5c6feef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@|”0B ]Ɋ& !”0B| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04c31aae-2e63-4cca-b019-900a61102323 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=861ec69b-ce31-42f5-b6f8-1333e5c6feef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X}X-1B ]Ɋ& !XX-1B} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p~X-1B ]Ɋ& !XX-1B~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hX-1B ]Ɋ& !XX-1B F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`X-1B ]Ɋ& !XX-1B F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`X-1B ]Ɋ& !XX-1B F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hX-1B ]Ɋ& !XX-1B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**X-1B ]Ɋ&  !X-1B F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25c6f2ae-82be-44fa-a7ea-9aa1ebb032eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**X-1B ]Ɋ& !X-1B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2b116d29-0e92-4c27-a468-e7c41199697d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=25c6f2ae-82be-44fa-a7ea-9aa1ebb032eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8X-1B ]Ɋ& !XX-1B F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**PX-1B ]Ɋ& !XX-1B F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk 3K{Mu=VysMc&&**PX-1B ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XX-1B F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HX-1B ]Ɋ& !XX-1B F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HX-1B ]Ɋ& !XX-1B F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HX-1B ]Ɋ& !XX-1B F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**X-1B ]Ɋ& !X-1B F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03f22177-8261-4b5e-9704-a56f60b343a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**1B ]Ɋ& !1B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=24a7e4f0-301a-4a35-811f-103291fd6c4a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03f22177-8261-4b5e-9704-a56f60b343a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X1B ]Ɋ& !X1B F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p1B ]Ɋ& !X1B F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h1B ]Ɋ& !X1B F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`1B ]Ɋ& !X1B F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65`**`1B ]Ɋ& !X1B F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`1B ]Ɋ& !X1B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**1B ]Ɋ& !1B F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e24aa1-7059-4937-ae13-b6dafafe92ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**1B ]Ɋ& !1B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01cc3b74-5085-4eb6-aaa5-1ef124fc8ac8 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e24aa1-7059-4937-ae13-b6dafafe92ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(^2B ]Ɋ& !X^2B F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@^2B ]Ɋ& !X^2B F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@^2B ]Ɋ& !X^2B F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8^2B ]Ɋ& !X^2B F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8^2B ]Ɋ& !X^2B F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8^2B ]Ɋ& !X^2B F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**^2B ]Ɋ& !^2B F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e06a4c2e-5b4a-4c82-b521-26905f4e5e13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2B ]Ɋ& !2B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ab04235-8026-4bac-9a38-49e2c4520af6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e06a4c2e-5b4a-4c82-b521-26905f4e5e13 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X4B ]Ɋ& !X4B F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p4B ]Ɋ& !X4B F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p4B ]Ɋ& !X4B F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h4B ]Ɋ& !X4B F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h4B ]Ɋ& !X4B F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h4B ]Ɋ& !X4B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**4B ]Ɋ&  !4B F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=723f9814-ff97-4382-8379-f9bfbf44d53a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**vY5B ]Ɋ& !vY5B F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=593a8def-8f91-4bcb-8e89-6ba93eb7a3e0 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=723f9814-ff97-4382-8379-f9bfbf44d53a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq** 5B ]Ɋ& '!X 5B F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n** 5B ]Ɋ& ?!X 5B F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** 5B ]Ɋ& ;!X 5B F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** 5B ]Ɋ& 3!X 5B F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, ** 5B ]Ɋ& 3!X 5B F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** 5B ]Ɋ& 5!X 5B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0 5B ]Ɋ& ! 5B F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0ee0562-4274-41f9-96b0-6da52ad0f883 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@6B ]Ɋ& !6B F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bcbfa928-8328-4310-8fc6-b6600a804832 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0ee0562-4274-41f9-96b0-6da52ad0f883 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**_+bE ]Ɋ& )!X_+bE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**_+bE ]Ɋ& A!X_+bE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**_+bE ]Ɋ& =!X_+bE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**_+bE ]Ɋ& 5!X_+bE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**_+bE ]Ɋ& 5!X_+bE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**_+bE ]Ɋ& 7!X_+bE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0_+bE ]Ɋ& !_+bE F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b865960-3ad3-4f6b-bd88-e0f566cbdb88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@bE ]Ɋ& !bE F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f6cf096-dd70-44a6-a9d3-06532c85cad5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1b865960-3ad3-4f6b-bd88-e0f566cbdb88 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**X"bE ]Ɋ& !X"bE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=032X**p"bE ]Ɋ& !X"bE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**h"bE ]Ɋ& !X"bE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X"bE F&dLine=8F& ElfChnk(d1wMu=VysMc&&**h"bE ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X"bE F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X-1h**`"bE ]Ɋ& !X"bE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h"bE ]Ɋ& !X"bE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**bE ]Ɋ&  !bE F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca0d046-5b37-44aa-96a4-7551d2df7a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bE ]Ɋ& !bE F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=63c58bbf-3fe5-4441-9485-a88292abb79b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca0d046-5b37-44aa-96a4-7551d2df7a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8O&bE ]Ɋ& !XO&bE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PO&bE ]Ɋ& !XO&bE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PO&bE ]Ɋ& !XO&bE F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HO&bE ]Ɋ& !XO&bE F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HO&bE ]Ɋ& !XO&bE F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=BH**HO&bE ]Ɋ& !XO&bE F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**O&bE ]Ɋ& !O&bE F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1aa4c912-4d04-4a8e-82d6-391c3f637b5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**O&bE ]Ɋ& !O&bE F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6baf98db-61c1-4d45-99e5-b61bc23bb5ef HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1aa4c912-4d04-4a8e-82d6-391c3f637b5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XbE ]Ɋ& !XbE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**pbE ]Ɋ& !XbE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**hbE ]Ɋ& !XbE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`bE ]Ɋ& !XbE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`bE ]Ɋ& !XbE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`bE ]Ɋ& !XbE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**bE ]Ɋ& !bE F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4dffbeef-6b77-4ee6-8649-3bc7fd859816 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bE ]Ɋ& !bE F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2909d70-d0b1-44c2-8d38-7be6bc33ea67 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4dffbeef-6b77-4ee6-8649-3bc7fd859816 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(|WbE ]Ɋ& !X|WbE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@|WbE ]Ɋ& !X|WbE F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@|WbE ]Ɋ& !X|WbE F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8|WbE ]Ɋ& !X|WbE F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8|WbE ]Ɋ& !X|WbE F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8e88**8|WbE ]Ɋ& !X|WbE F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**|WbE ]Ɋ& !|WbE F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3a8f91b4-dd6a-4834-93b0-05e8977151bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**bE ]Ɋ& !bE F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e55aa196-f1a2-42f1-a9b7-bbf28d7bef52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3a8f91b4-dd6a-4834-93b0-05e8977151bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **XֹbE ]Ɋ& !XֹbE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pֹbE ]Ɋ& !XֹbE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pֹbE ]Ɋ& !XֹbE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**hֹbE ]Ɋ& !XֹbE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**hֹbE ]Ɋ& !XֹbE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hֹbE ]Ɋ& !XֹbE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ֹbE ]Ɋ&  !ֹbE F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57f721cc-e67f-4c65-939d-af477e687c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **bE ]Ɋ& !bE F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4b2bdcd5-cd75-486c-bc70-cb358b86628e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=57f721cc-e67f-4c65-939d-af477e687c77 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **ǴbE ]Ɋ& '!XǴbE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**ǴbE ]Ɋ& ?!XǴbE F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**ǴbE ]Ɋ& ;!XǴbE F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**ǴbE ]Ɋ& 3!XǴbE F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**ǴbE ]Ɋ& 3!XǴbE F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**ǴbE ]Ɋ& 5!XǴbE F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**0ǴbE ]Ɋ& !ǴbE F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c57b9835-0958-45ab-850a-06ccea76369c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@]McE ]Ɋ& !]McE F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ae7fe465-7dff-4c1b-bd71-00a4c95ac72f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c57b9835-0958-45ab-850a-06ccea76369c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**G ]Ɋ& )!XG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**G ]Ɋ& A!XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**G ]Ɋ& =!XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X"bE F&dLine=8F& ElfChnkpY DdMu=VysMc&&**G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XG F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **G ]Ɋ& 5!XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**G ]Ɋ& 7!XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0G ]Ɋ& !G F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67550445-04f1-47dc-be9c-47324f23906b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@1G ]Ɋ& !1G F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f9940b0b-18bd-4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=67550445-04f1-47dc-be9c-47324f23906b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bb7@**X]ʂG ]Ɋ& !X]ʂG F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p]ʂG ]Ɋ& !X]ʂG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=61cp**h]ʂG ]Ɋ& !X]ʂG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6h**`]ʂG ]Ɋ& !X]ʂG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`]ʂG ]Ɋ& !X]ʂG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h]ʂG ]Ɋ& !X]ʂG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**]ʂG ]Ɋ&  !]ʂG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89dd009b-1c00-495f-a6b9-40e5283315b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**]ʂG ]Ɋ& !]ʂG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b48b7c51-81d5-4770-99d9-3c22d674485b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=89dd009b-1c00-495f-a6b9-40e5283315b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8bG ]Ɋ& !XbG F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**PbG ]Ɋ& !XbG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**PbG ]Ɋ& !XbG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**HbG ]Ɋ& !XbG F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HbG ]Ɋ& !XbG F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HbG ]Ɋ& !XbG F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6bH**bG ]Ɋ& !bG F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0bea147-3325-4563-acb1-8956b969909a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**bG ]Ɋ& !bG F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ba9f2dd-b5a3-4718-af8b-21d4c6d6afdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0bea147-3325-4563-acb1-8956b969909a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X G ]Ɋ& !X G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e55aX**p G ]Ɋ& !X G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h G ]Ɋ& !X G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` G ]Ɋ& !X G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**` G ]Ɋ& !X G F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` G ]Ɋ& !X G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`** G ]Ɋ& ! G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fbe5dab5-39f6-4187-b8c6-a75c85a24cc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t** G ]Ɋ& ! G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c75eee01-f358-4bcc-8473-3c40ab3d2f11 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fbe5dab5-39f6-4187-b8c6-a75c85a24cc1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=196**(,G ]Ɋ& !X,G F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@,G ]Ɋ& !X,G F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@,G ]Ɋ& !X,G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8,G ]Ɋ& !X,G F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8 ,G ]Ɋ& !X,G  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8 ,G ]Ɋ& !X,G  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8** ,G ]Ɋ& !,G  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7ae003e5-f59a-4ec9-a1db-045a11f1bd09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c7** MŅG ]Ɋ& !MŅG  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=46412964-5079-4a7b-836a-4744e9b725cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7ae003e5-f59a-4ec9-a1db-045a11f1bd09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**X G ]Ɋ& !XG  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pG ]Ɋ& !XG F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pG ]Ɋ& !XG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hG ]Ɋ& !XG F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**hG ]Ɋ& !XG F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hG ]Ɋ& !XG F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c7h**G ]Ɋ&  !G F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0b41828-f514-408b-9d5a-4b51dc97d504 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**'G ]Ɋ& !'G F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cdf5ebbb-b1cf-4d9e-98f1-91e8ae3273bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0b41828-f514-408b-9d5a-4b51dc97d504 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**'G ]Ɋ& '!X'G F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**'G ]Ɋ& ?!X'G F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**'G ]Ɋ& ;!X'G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**'G ]Ɋ& 3!X'G F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX'G F&4e0b-a449-0214db672a7a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXG F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& X"bE F&dLine=8F& ElfChnkJJHGT[{Mu=VysMc&&** 'G ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X'G F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **'G ]Ɋ& 5!X'G F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0>G ]Ɋ& !>G F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=19ec230b-308b-4747-87da-1b65738e0b5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=440**@XG ]Ɋ& !XG F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fc1f2e3e-7c60-4bc6-8297-548c57994cf8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=19ec230b-308b-4747-87da-1b65738e0b5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**7J ]Ɋ& )!X7J F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **7J ]Ɋ& A!X7J F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**7J ]Ɋ& =!X7J F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r** 7J ]Ɋ& 5!X7J  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d6**!7J ]Ɋ& 5!X7J! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**"7J ]Ɋ& 7!X7J" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0#7J ]Ɋ& !7J# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd0de53b-bf46-4cfb-90b3-899a43cab93c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@$d J ]Ɋ& !d J$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59314304-ac16-410a-ad70-963b5fce3ab3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd0de53b-bf46-4cfb-90b3-899a43cab93c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X%d J ]Ɋ& !Xd J% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p&d J ]Ɋ& !Xd J& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h'd J ]Ɋ& !Xd J' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`(d J ]Ɋ& !Xd J( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)d J ]Ɋ& !Xd J) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h*d J ]Ɋ& !Xd J* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**+d J ]Ɋ&  !d J+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a305a40c-8fee-46d2-836d-15245ec24a7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**,J ]Ɋ& !J, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f42b1e0e-6f24-41a1-a417-60ef76d81ce8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a305a40c-8fee-46d2-836d-15245ec24a7e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8-J ]Ɋ& !XJ- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P.J ]Ɋ& !XJ. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P/J ]Ɋ& !XJ/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GP**H0J ]Ɋ& !XJ0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H1J ]Ɋ& !XJ1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H2J ]Ɋ& !XJ2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**3J ]Ɋ& !J3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0eb8628e-3d9e-45ee-ad43-818fc9ff3cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4J ]Ɋ& !J4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=249dc371-7788-4ff5-91b2-fe36d32b00f3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0eb8628e-3d9e-45ee-ad43-818fc9ff3cd2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5(J ]Ɋ& !X(J5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p6(J ]Ɋ& !X(J6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h7(J ]Ɋ& !X(J7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`8(J ]Ɋ& !X(J8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7b`**`9(J ]Ɋ& !X(J9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`:(J ]Ɋ& !X(J: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;(J ]Ɋ& !(J; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54e3c60c-3de3-4a19-9311-22c43f97a750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**<(J ]Ɋ& !(J< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c2f45f9-c524-49f1-b588-15111212a890 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=54e3c60c-3de3-4a19-9311-22c43f97a750 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==7a**(=J ]Ɋ& !XJ= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@>J ]Ɋ& !XJ> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@?J ]Ɋ& !XJ? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8@J ]Ɋ& !XJ@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8AJ ]Ɋ& !XJA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8BJ ]Ɋ& !XJB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**CJ ]Ɋ& !JC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d8834c22-eef6-4f00-be79-b4005375f21d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**DUJ ]Ɋ& !UJD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=85e559bf-d620-4fa2-b564-5cc69e438317 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d8834c22-eef6-4f00-be79-b4005375f21d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**XEJ ]Ɋ& !XJE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pFJ ]Ɋ& !XJF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pGJ ]Ɋ& !XJG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**hHJ ]Ɋ& !XJH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hIJ ]Ɋ& !XJI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hJJ ]Ɋ& !XJJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !JK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkK}K}8dAMu=VysMc&&** KJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !JK F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **L}J ]Ɋ& !}JL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4188eb3-7b85-4569-be0e-b43661c48177 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**M}J ]Ɋ& '!X}JM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**N}J ]Ɋ& ?!X}JN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**O}J ]Ɋ& ;!X}JO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**P}J ]Ɋ& 3!X}JP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Q}J ]Ɋ& 3!X}JQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **R}J ]Ɋ& 5!X}JR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0S}J ]Ɋ& !}JS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c57038e-2071-4ab7-96eb-0e105e7608ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=530**@TܮJ ]Ɋ& !ܮJT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b7d664a7-13b0-4a47-a0f0-86352de87b14 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c57038e-2071-4ab7-96eb-0e105e7608ad PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**U> xmL ]Ɋ& )!X> xmLU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**V> xmL ]Ɋ& A!X> xmLV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**W> xmL ]Ɋ& =!X> xmLW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X> xmL ]Ɋ& 5!X> xmLX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Y> xmL ]Ɋ& 5!X> xmLY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**Z> xmL ]Ɋ& 7!X> xmLZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0[> xmL ]Ɋ& !> xmL[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86f997ae-080d-4215-8ba2-edae1a6b29bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@\գxmL ]Ɋ& !գxmL\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3394ca0d-b134-4ecf-9c91-91fa76d5c60e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86f997ae-080d-4215-8ba2-edae1a6b29bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X]k9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p~mL ]Ɋ& !X~mL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h~mL ]Ɋ& !X~mL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h~mL ]Ɋ& !X~mL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h~mL ]Ɋ& !X~mL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**~mL ]Ɋ&  !~mL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77f9e71d-6044-4c1b-a0b9-53053fad5a58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**~mL ]Ɋ& !~mL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94b7de03-1a38-4f3e-8463-35c9f4199ace HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77f9e71d-6044-4c1b-a0b9-53053fad5a58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**~mL ]Ɋ& '!X~mL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**~mL ]Ɋ& ?!X~mL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**~mL ]Ɋ& ;!X~mL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1fa**~mL ]Ɋ& 3!X~mL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~mL ]Ɋ& 3!X~mL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a76**~mL ]Ɋ& 5!X~mL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0~mL ]Ɋ& !~mL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f6b1d315-8bb0-441d-a92b-707dd8548114 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@mL ]Ɋ& !mL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dfa9d18e-0b2d-4fed-8f59-20ef3f730fb3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f6b1d315-8bb0-441d-a92b-707dd8548114 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**7N ]Ɋ& )!X7N F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **7N ]Ɋ& A!X7N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**7N ]Ɋ& =!X7N F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**7N ]Ɋ& 5!X7N F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**7N ]Ɋ& 5!X7N F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**7N ]Ɋ& 7!X7N F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**07N ]Ɋ& !7N F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e309cbe9-1955-4ed4-a670-7efc424fad50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@hN ]Ɋ& !hN F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5ef5a52-3571-4902-a430-2dd2f210f0d4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e309cbe9-1955-4ed4-a670-7efc424fad50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XfN ]Ɋ& !XfN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pfN ]Ɋ& !XfN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hfN ]Ɋ& !XfN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`fN ]Ɋ& !XfN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`fN ]Ɋ& !XfN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hfN ]Ɋ& !XfN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**fN ]Ɋ&  !fN F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1137fba3-a4d5-4257-8379-2f1d92a5e592 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=653f5494-86e5-4dd6-ad7c-b8eeaa931f93 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1137fba3-a4d5-4257-8379-2f1d92a5e592 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8N ]Ɋ& !XN F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PN ]Ɋ& !XN F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**HN ]Ɋ& !XN F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**HN ]Ɋ& !XN F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**HN ]Ɋ& !XN F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**N ]Ɋ& !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43bb26c4-3ff6-4401-8c47-bcc76b9769d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**N ]Ɋ& !N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05937c8a-f666-412f-a625-c52635a6cd4f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=43bb26c4-3ff6-4401-8c47-bcc76b9769d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X2N ]Ɋ& !X2N F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p2N ]Ɋ& !X2N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h2N ]Ɋ& !X2N F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`2N ]Ɋ& !X2N F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`2N ]Ɋ& !X2N F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`2N ]Ɋ& !X2N F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**2N ]Ɋ& !2N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84995374-46ac-4aae-9b88-c238ed8c55d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**2N ]Ɋ& !2N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d90628b4-da2e-45e3-8378-ea2fbff49279 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84995374-46ac-4aae-9b88-c238ed8c55d0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**()N ]Ɋ& !X)N F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@)N ]Ɋ& !X)N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@)N ]Ɋ& !X)N F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX)N F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X~mL~ F&aceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkpKAu`Mu=VysMc&&**8 )N ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X)N F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8)N ]Ɋ& !X)N F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8)N ]Ɋ& !X)N F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**)N ]Ɋ& !)N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30e3b10d-e8d2-4500-9570-4b4cff2d42b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94**cN ]Ɋ& !cN F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96bc6a72-d4db-487d-b4aa-442f7e1c903a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=30e3b10d-e8d2-4500-9570-4b4cff2d42b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**XN ]Ɋ& !XN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pN ]Ɋ& !XN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hN ]Ɋ& !XN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hN ]Ɋ& !XN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hN ]Ɋ& !XN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d-h**N ]Ɋ&  !N F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7ac7af9-4106-4bc4-aa39-247490bc781f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**^N ]Ɋ& !^N F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5af34b79-8b3e-48e1-b267-53c9218795e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7ac7af9-4106-4bc4-aa39-247490bc781f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**GN ]Ɋ& '!XGN F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**GN ]Ɋ& ?!XGN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**GN ]Ɋ& ;!XGN F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**GN ]Ɋ& 3!XGN F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **GN ]Ɋ& 3!XGN F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**GN ]Ɋ& 5!XGN F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0GN ]Ɋ& !GN F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddba0b25-4cd1-4a8c-8788-373bfb5227ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@t(N ]Ɋ& !t(N F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35450f4c-f598-42dd-bdf1-def73ea84716 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ddba0b25-4cd1-4a8c-8788-373bfb5227ac PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**?$Q ]Ɋ& )!X?$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**?$Q ]Ɋ& A!X?$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**?$Q ]Ɋ& =!X?$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**?$Q ]Ɋ& 5!X?$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**?$Q ]Ɋ& 5!X?$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**?$Q ]Ɋ& 7!X?$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0?$Q ]Ɋ& !?$Q F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bb6ddc2-9c16-401c-af86-6bb345759d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@@$Q ]Ɋ& !@$Q F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=238dd285-36b2-4259-a322-20a2670455bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bb6ddc2-9c16-401c-af86-6bb345759d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e5-@**XlyA$Q ]Ɋ& !XlyA$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**plyA$Q ]Ɋ& !XlyA$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hlyA$Q ]Ɋ& !XlyA$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ch**`lyA$Q ]Ɋ& !XlyA$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**`lyA$Q ]Ɋ& !XlyA$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5`**hlyA$Q ]Ɋ& !XlyA$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**lyA$Q ]Ɋ&  !lyA$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cd20e1a-0fe0-415c-9949-b6865b4bfbb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**lyA$Q ]Ɋ& !lyA$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33e96c79-3cb4-4bc9-b287-b6ed12847b00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cd20e1a-0fe0-415c-9949-b6865b4bfbb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8lyA$Q ]Ɋ& !XlyA$Q F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**PlyA$Q ]Ɋ& !XlyA$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**PlyA$Q ]Ɋ& !XlyA$Q F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**HlyA$Q ]Ɋ& !XlyA$Q F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f492H**HlyA$Q ]Ɋ& !XlyA$Q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-837H**HlyA$Q ]Ɋ& !XlyA$Q F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4-H**lyA$Q ]Ɋ& !lyA$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcb099f3-7f95-49d2-8a8f-55d919e94d65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=279**B$Q ]Ɋ& !B$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=403f1bd2-99b0-492b-bc7c-585aed437c35 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fcb099f3-7f95-49d2-8a8f-55d919e94d65 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**XB$Q ]Ɋ& !XB$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pB$Q ]Ɋ& !XB$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hB$Q ]Ɋ& !XB$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`B$Q ]Ɋ& !XB$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXB$Q F&wid@ 65535 Eng ]Ɋ& ndX)N F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X~mL~ F&aceId=9f6c0a0a-d63d-4156-bc14-6d2d2583034e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@{%HxMu=VysMc&&**hB$Q ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XB$Q F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`B$Q ]Ɋ& !XB$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**B$Q ]Ɋ& !B$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d1161ff-49cb-4bbd-a009-fdea50a788f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**B$Q ]Ɋ& !B$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=05fe06d4-fc34-4b8b-abc6-8a4328d25f2d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d1161ff-49cb-4bbd-a009-fdea50a788f3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(B$Q ]Ɋ& !XB$Q F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0(**@B$Q ]Ɋ& !XB$Q F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@B$Q ]Ɋ& !XB$Q F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8B$Q ]Ɋ& !XB$Q F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8B$Q ]Ɋ& !XB$Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8B$Q ]Ɋ& !XB$Q F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**B$Q ]Ɋ& !B$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dd08874-c80e-4b20-9291-5260ff22811c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**/CC$Q ]Ɋ& !/CC$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=437d6821-1d79-4df7-979e-de8c74bad84e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5dd08874-c80e-4b20-9291-5260ff22811c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X E$Q ]Ɋ& !X E$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p E$Q ]Ɋ& !X E$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p E$Q ]Ɋ& !X E$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h E$Q ]Ɋ& !X E$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h E$Q ]Ɋ& !X E$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h E$Q ]Ɋ& !X E$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h** E$Q ]Ɋ&  ! E$Q F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875d9ee3-76d6-49f3-9a0a-57c210cf46f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**E$Q ]Ɋ& !E$Q F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d4fd8580-29ba-4743-bbb9-357e542d302a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=875d9ee3-76d6-49f3-9a0a-57c210cf46f8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring** >F$Q ]Ɋ& '!X >F$Q F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O** >F$Q ]Ɋ& ?!X >F$Q F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l** >F$Q ]Ɋ& ;!X >F$Q F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** >F$Q ]Ɋ& 3!X >F$Q F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==23** >F$Q ]Ɋ& 3!X >F$Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li** >F$Q ]Ɋ& 5!X >F$Q F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=25**0 >F$Q ]Ɋ& ! >F$Q F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fdf3c430-e710-4167-9f2d-0f47c70f01f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@MoG$Q ]Ɋ& !MoG$Q F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8d73e28b-426c-4a1a-b3be-ca05c901e417 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fdf3c430-e710-4167-9f2d-0f47c70f01f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**S ]Ɋ& )!XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**S ]Ɋ& A!XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **S ]Ɋ& =!XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& 5!XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& 5!XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **S ]Ɋ& 7!XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0BS ]Ɋ& !BS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08fa0eda-be6b-40e3-87e5-9c8eb95d66fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@"S ]Ɋ& !"S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1aee5587-ee81-42ca-bfe1-e18a0686a546 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08fa0eda-be6b-40e3-87e5-9c8eb95d66fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XoS ]Ɋ& !XoS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**poS ]Ɋ& !XoS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hoS ]Ɋ& !XoS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`oS ]Ɋ& !XoS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**` oS ]Ɋ& !XoS  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**h oS ]Ɋ& !XoS  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich** oS ]Ɋ&  !oS  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a78d431b-b85f-440e-bb72-bb19c1e71a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=** oS ]Ɋ& !oS  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca0a4c35-e884-42c0-9969-36ebf7f05225 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a78d431b-b85f-440e-bb72-bb19c1e71a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8 oS ]Ɋ& !XoS  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PoS ]Ɋ& !XoS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PoS ]Ɋ& !XoS F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HoS ]Ɋ& !XoS F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HoS ]Ɋ& !XoS F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8303H PipelineI ]Ɋ&  XoS F&ElfChnkBBhQ"YMu=VysMc&&**HoS ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!XoS F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**oS ]Ɋ& !oS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=891e9467-6e3e-4ab2-a10a-12996f3b528a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**TS ]Ɋ& !TS F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0c4dfce3-e4e2-42c0-8520-b12a29de54b2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=891e9467-6e3e-4ab2-a10a-12996f3b528a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XTS ]Ɋ& !XTS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pTS ]Ɋ& !XTS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hTS ]Ɋ& !XTS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`TS ]Ɋ& !XTS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`TS ]Ɋ& !XTS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`TS ]Ɋ& !XTS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**TS ]Ɋ& !TS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2784e33-a42d-430e-9927-27189757c94a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1111796c-b296-4d85-86e6-9a9f4408e168 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2784e33-a42d-430e-9927-27189757c94a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(S ]Ɋ& !XS F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@S ]Ɋ& !XS F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@S ]Ɋ& !XS F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 S ]Ɋ& !XS  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8!S ]Ɋ& !XS! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==d48**8"S ]Ɋ& !XS" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**#S ]Ɋ& !S# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9d89f7d-f155-4b13-a353-3e2df0f4d636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**$3S ]Ɋ& !3S$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=059ebff3-083a-4580-8f6a-a77b4bdd315c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f9d89f7d-f155-4b13-a353-3e2df0f4d636 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**X%S ]Ɋ& !XS% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**p&S ]Ɋ& !XS& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**p'S ]Ɋ& !XS' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h(S ]Ɋ& !XS( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h)S ]Ɋ& !XS) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h*S ]Ɋ& !XS* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**+S ]Ɋ&  !S+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d996150d-8841-4f28-82a9-5d280c317dd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,#S ]Ɋ& !#S, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0fb9d18c-18e1-4c56-af94-f4d3ce8fa48b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d996150d-8841-4f28-82a9-5d280c317dd6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **- S ]Ɋ& '!X S- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**. S ]Ɋ& ?!X S. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**/ S ]Ɋ& ;!X S/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**0 S ]Ɋ& 3!X S0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**1 S ]Ɋ& 3!X S1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**2 S ]Ɋ& 5!X S2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**03 S ]Ɋ& ! S3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9fc97eb-c42b-4e6e-b46c-ed72cfb152a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@4I!S ]Ɋ& !I!S4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1522d69-0693-4270-9bf1-4705738eacbf HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d9fc97eb-c42b-4e6e-b46c-ed72cfb152a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d @**5=XU ]Ɋ& )!X=XU5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**6=XU ]Ɋ& A!X=XU6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**7=XU ]Ɋ& =!X=XU7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8=XU ]Ɋ& 5!X=XU8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **9=XU ]Ɋ& 5!X=XU9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**:=XU ]Ɋ& 7!X=XU: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0;=XU ]Ɋ& !=XU; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f54eb99c-4d18-4c93-ac5b-a089d64c3fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<jEYU ]Ɋ& !jEYU< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=efc794a7-5f76-4076-879e-8914d7bdd128 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f54eb99c-4d18-4c93-ac5b-a089d64c3fe4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X=-[U ]Ɋ& !X-[U= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p>-[U ]Ɋ& !X-[U> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h?-[U ]Ɋ& !X-[U? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`@-[U ]Ɋ& !X-[U@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`A-[U ]Ɋ& !X-[UA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hB-[U ]Ɋ& !X-[UB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& XoS-[UElfChnkCsCsln wMu=VysMc&&**C-[U ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !-[UC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fd4349-e511-4eca-84bb-98213058a0d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D-[U ]Ɋ& !-[UD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f712e6b4-4067-4725-847e-3bf251791c23 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f2fd4349-e511-4eca-84bb-98213058a0d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Eħ[U ]Ɋ& !Xħ[UE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PFħ[U ]Ɋ& !Xħ[UF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**PGħ[U ]Ɋ& !Xħ[UG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**HHħ[U ]Ɋ& !Xħ[UH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HIħ[U ]Ɋ& !Xħ[UI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HJħ[U ]Ɋ& !Xħ[UJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**Kħ[U ]Ɋ& !ħ[UK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7a4d06a-27bc-4479-aa69-3172cff32327 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**Lħ[U ]Ɋ& !ħ[UL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c11ce01-f267-4171-8850-9383e3824756 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7a4d06a-27bc-4479-aa69-3172cff32327 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XMħ[U ]Ɋ& !Xħ[UM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pNħ[U ]Ɋ& !Xħ[UN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hOħ[U ]Ɋ& !Xħ[UO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`Pħ[U ]Ɋ& !Xħ[UP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`Qħ[U ]Ɋ& !Xħ[UQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`Rħ[U ]Ɋ& !Xħ[UR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**SZ@\U ]Ɋ& !Z@\US F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7c59bd-0099-4bf6-b01d-37b371ba9ae4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**TZ@\U ]Ɋ& !Z@\UT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=28b7f5b5-8fc7-42f8-8f62-cf99736758ae HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d7c59bd-0099-4bf6-b01d-37b371ba9ae4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(UZ@\U ]Ɋ& !XZ@\UU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@VZ@\U ]Ɋ& !XZ@\UV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@WZ@\U ]Ɋ& !XZ@\UW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8XZ@\U ]Ɋ& !XZ@\UX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8YZ@\U ]Ɋ& !XZ@\UY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8ZZ@\U ]Ɋ& !XZ@\UZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[Z@\U ]Ɋ& !Z@\U[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ac277ed4-d766-4564-b8a0-8b8d893d277d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**\\U ]Ɋ& !\U\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27b21ea8-90fc-402a-8020-3ffaf2cb3198 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ac277ed4-d766-4564-b8a0-8b8d893d277d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X]K;_U ]Ɋ& !XK;_U] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p^K;_U ]Ɋ& !XK;_U^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p_K;_U ]Ɋ& !XK;_U_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h`K;_U ]Ɋ& !XK;_U` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**haK;_U ]Ɋ& !XK;_Ua F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hbK;_U ]Ɋ& !XK;_Ub F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**cK;_U ]Ɋ&  !K;_Uc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b1f281d-d7e3-4037-834e-d67485dbd914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d_U ]Ɋ& !_Ud F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b9b9bd2a-2d59-48d7-a3f4-5c823e30a4bb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8b1f281d-d7e3-4037-834e-d67485dbd914 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**e_U ]Ɋ& '!X_Ue F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**f_U ]Ɋ& ?!X_Uf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**g_U ]Ɋ& ;!X_Ug F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**h_U ]Ɋ& 3!X_Uh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**i_U ]Ɋ& 3!X_Ui F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**j_U ]Ɋ& 5!X_Uj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0k_U ]Ɋ& !_Uk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2050e0cf-4ff4-4534-b06c-45e80087a3ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@lxl`U ]Ɋ& !xl`Ul F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57105530-cbb9-4e53-9d34-4e6be7c5ee31 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2050e0cf-4ff4-4534-b06c-45e80087a3ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c93-@**mxl6X ]Ɋ& )!Xxl6Xm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**nxl6X ]Ɋ& A!Xxl6Xn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**oxl6X ]Ɋ& =!Xxl6Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=25**pxl6X ]Ɋ& 5!Xxl6Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**qxl6X ]Ɋ& 5!Xxl6Xq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**rxl6X ]Ɋ& 7!Xxl6Xr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sxl6X ]Ɋ& !xl6Xs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnkttXQMu=VysMc&&**@t6X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!6Xt F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xu6X ]Ɋ& !X6Xu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ecaX**pv6X ]Ɋ& !X6Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hw6X ]Ɋ& !X6Xw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`x6X ]Ɋ& !X6Xx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`y6X ]Ɋ& !X6Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hz6X ]Ɋ& !X6Xz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**{6X ]Ɋ&  !6X{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7c5f468-9a9a-49bb-b919-2f4618f160c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**|6X ]Ɋ& !6X| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b98ce8db-eb21-4bef-8dd5-20a2fd86eac3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7c5f468-9a9a-49bb-b919-2f4618f160c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8};66X ]Ɋ& !X;66X} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**P~;66X ]Ɋ& !X;66X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P;66X ]Ɋ& !X;66X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**H;66X ]Ɋ& !X;66X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**H;66X ]Ɋ& !X;66X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**H;66X ]Ɋ& !X;66X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**;66X ]Ɋ& !;66X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76da4c5f-40dc-42c1-94b7-ba27264f5df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**;66X ]Ɋ& !;66X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e9e21fbd-b5c2-4d96-8e4f-17f9e8b9a69b HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76da4c5f-40dc-42c1-94b7-ba27264f5df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X;66X ]Ɋ& !X;66X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-37bX**p;66X ]Ɋ& !X;66X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h;66X ]Ɋ& !X;66X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`;66X ]Ɋ& !X;66X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c-`**`;66X ]Ɋ& !X;66X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`;66X ]Ɋ& !X;66X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**;66X ]Ɋ& !;66X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=600f4cac-bbab-4d35-a698-8999d3942381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**;66X ]Ɋ& !;66X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67c4f4a9-28d0-4541-8f19-2379a261b9ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=600f4cac-bbab-4d35-a698-8999d3942381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(μ6X ]Ɋ& !Xμ6X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@μ6X ]Ɋ& !Xμ6X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@μ6X ]Ɋ& !Xμ6X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8μ6X ]Ɋ& !Xμ6X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8μ6X ]Ɋ& !Xμ6X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8μ6X ]Ɋ& !Xμ6X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**μ6X ]Ɋ& !μ6X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a27c875a-1ad6-4189-b4b1-77306917576c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **hg6X ]Ɋ& !hg6X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=808f50ad-8a18-42bc-b96c-7627d2d9e67a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a27c875a-1ad6-4189-b4b1-77306917576c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X6X ]Ɋ& !X6X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p6X ]Ɋ& !X6X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p6X ]Ɋ& !X6X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h6X ]Ɋ& !X6X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h6X ]Ɋ& !X6X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h6X ]Ɋ& !X6X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**6X ]Ɋ&  !6X F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=035c63b1-1767-457c-9b22-2f3fe8ebcea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6X ]Ɋ& !6X F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0322e626-8a06-40c0-8418-241494c39e40 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=035c63b1-1767-457c-9b22-2f3fe8ebcea6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**6X ]Ɋ& '!X6X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**6X ]Ɋ& ?!X6X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**6X ]Ɋ& ;!X6X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**6X ]Ɋ& 3!X6X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**6X ]Ɋ& 3!X6X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**6X ]Ɋ& 5!X6X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **06X ]Ɋ& !6X F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0342a6f2-1965-44ed-9ed9-34584d1a48d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os,6X F&on=4.0 HostId=7c58f91a-acdb-4df7-8c72-32b0936227aa HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ae05385f-4352-4566-b3ba-59d344564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnk%N_[Mu=VysMc&&**@ ,6X ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!,6X F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35db3f18-fd68-4363-b010-4049cc81fad0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0342a6f2-1965-44ed-9ed9-34584d1a48d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **Z ]Ɋ& )!XZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **Z ]Ɋ& A!XZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**Z ]Ɋ& =!XZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Z ]Ɋ& 5!XZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Z ]Ɋ& 5!XZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**Z ]Ɋ& 7!XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0lZ ]Ɋ& !lZ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1610774-3b3b-4d43-bf7c-407b3db9e540 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@BZ ]Ɋ& !BZ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=697ba8bc-3144-498e-b78c-d598d4031e85 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1610774-3b3b-4d43-bf7c-407b3db9e540 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X/sZ ]Ɋ& !X/sZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p/sZ ]Ɋ& !X/sZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h/sZ ]Ɋ& !X/sZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`/sZ ]Ɋ& !X/sZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`/sZ ]Ɋ& !X/sZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h/sZ ]Ɋ& !X/sZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**/sZ ]Ɋ&  !/sZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af000d66-5a24-4a2b-867d-a5a4ccf49a72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **/sZ ]Ɋ& !/sZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e32fb4ad-96b3-47db-a940-db2df2ef13fa HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af000d66-5a24-4a2b-867d-a5a4ccf49a72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8 Z ]Ɋ& !X Z F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P Z ]Ɋ& !X Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P Z ]Ɋ& !X Z F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H Z ]Ɋ& !X Z F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H Z ]Ɋ& !X Z F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H Z ]Ɋ& !X Z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH** Z ]Ɋ& ! Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3c3d8fa-f6b7-4f9e-b562-a32522aed4fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft** Z ]Ɋ& ! Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=501dfb72-f62b-458d-ab61-08d6c9dd4d23 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b3c3d8fa-f6b7-4f9e-b562-a32522aed4fb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XZ ]Ɋ& !XZ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pZ ]Ɋ& !XZ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hZ ]Ɋ& !XZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`Z ]Ɋ& !XZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`Z ]Ɋ& !XZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`Z ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**MZ ]Ɋ& !MZ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82888bc9-d272-4d73-8209-0bca7daa798c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**MZ ]Ɋ& !MZ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a9da087-5509-4901-822b-cdf669d222ed HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82888bc9-d272-4d73-8209-0bca7daa798c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(Z ]Ɋ& !XZ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@Z ]Ɋ& !XZ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Z ]Ɋ& !XZ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8Z ]Ɋ& !XZ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8Z ]Ɋ& !XZ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8Z ]Ɋ& !XZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**Z ]Ɋ& !Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5c0e174-9ecd-4a1e-9576-ab2c12a889a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**.Z ]Ɋ& !.Z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f1b98fc-ec87-4044-8b35-1d3f49eb54cf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5c0e174-9ecd-4a1e-9576-ab2c12a889a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**X#Z ]Ɋ& !X#Z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p#Z ]Ɋ& !X#Z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p#Z ]Ɋ& !X#Z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**h#Z ]Ɋ& !X#Z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**h#Z ]Ɋ& !X#Z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9cch**h#Z ]Ɋ& !X#Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**#Z ]Ɋ&  !#Z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=678448a9-bb5d-4d61-b86c-c26e54a4362c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5fd315b0-1a41-4faa-844b-05539cb6d20f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **TZ ]Ɋ& ;!XTZ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**TZ ]Ɋ& 3!XTZ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**TZ ]Ɋ& 3!XTZ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**TZ ]Ɋ& 5!XTZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0TZ ]Ɋ& !TZ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4702cac4-53f2-426f-bfee-3c55d1c08bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@iZ ]Ɋ& !iZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6629de71-126c-4653-a197-abf93f02edb7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4702cac4-53f2-426f-bfee-3c55d1c08bd1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**V\ ]Ɋ& )!XV\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**V\ ]Ɋ& A!XV\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**V\ ]Ɋ& =!XV\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**V\ ]Ɋ& 5!XV\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4**V\ ]Ɋ& 5!XV\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**V\ ]Ɋ& 7!XV\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0V\ ]Ɋ& !V\ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a93a29b-8be2-4088-9fba-e9461b010a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@#W\ ]Ɋ& !#W\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3979c6e-2187-46e9-b988-8f7347643992 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7a93a29b-8be2-4088-9fba-e9461b010a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**XTX\ ]Ɋ& !XTX\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**pTX\ ]Ɋ& !XTX\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**hTX\ ]Ɋ& !XTX\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`TX\ ]Ɋ& !XTX\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`TX\ ]Ɋ& !XTX\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hTX\ ]Ɋ& !XTX\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**TX\ ]Ɋ&  !TX\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=07eeb529-d4bf-4669-9153-5d0f7a767208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ÿ**SX\ ]Ɋ& !SX\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d9c3ac2-0f28-41f1-8340-c32ea3658077 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=07eeb529-d4bf-4669-9153-5d0f7a767208 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8SX\ ]Ɋ& !XSX\ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PSX\ ]Ɋ& !XSX\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PSX\ ]Ɋ& !XSX\ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HSX\ ]Ɋ& !XSX\ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HSX\ ]Ɋ& !XSX\ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HSX\ ]Ɋ& !XSX\ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**SX\ ]Ɋ& !SX\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7573cb8-ae4c-4214-9f4b-adf9d37126a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****Y\ ]Ɋ& !Y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84eb6298-0342-4695-ae89-ff535589ee75 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b7573cb8-ae4c-4214-9f4b-adf9d37126a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XY\ ]Ɋ& !XY\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**pY\ ]Ɋ& !XY\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hY\ ]Ɋ& !XY\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`Y\ ]Ɋ& !XY\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`Y\ ]Ɋ& !XY\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`Y\ ]Ɋ& !XY\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Y\ ]Ɋ& !Y\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f701f9-0709-4b51-832a-fb0cd4f0aa7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**Y\ ]Ɋ& !Y\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=620677b0-56c4-46b6-8185-312e3febda82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2f701f9-0709-4b51-832a-fb0cd4f0aa7f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(Z\ ]Ɋ& !XZ\ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@Z\ ]Ɋ& !XZ\ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@Z\ ]Ɋ& !XZ\ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**8Z\ ]Ɋ& !XZ\ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8Z\ ]Ɋ& !XZ\ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#8**8Z\ ]Ɋ& !XZ\ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**Z\ ]Ɋ& !Z\ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=accf83fb-7cd2-4c64-b7d2-01b77ce83845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**Z\ ]Ɋ& !Z\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=656661cd-37ce-48e8-99c2-5aaaaea1f802 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=accf83fb-7cd2-4c64-b7d2-01b77ce83845 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**Xڀ\\ ]Ɋ& !Xڀ\\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pڀ\\ ]Ɋ& !Xڀ\\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**pڀ\\ ]Ɋ& !Xڀ\\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**hڀ\\ ]Ɋ& !Xڀ\\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=Xڀ\\  F&4564eb0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 XoS-[UElfChnk ; ;ꩡןMu=VysMc&&**h ڀ\\ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!Xڀ\\  F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h ڀ\\ ]Ɋ& !Xڀ\\  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ڀ\\ ]Ɋ&  !ڀ\\  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5601e6ab-602b-4c76-a391-7e2056b63525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H** p]\ ]Ɋ& !p]\  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50c50488-6609-46f4-ac59-fe095f6676e9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5601e6ab-602b-4c76-a391-7e2056b63525 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name** ]\ ]Ɋ& '!X]\  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**]\ ]Ɋ& ?!X]\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**]\ ]Ɋ& ;!X]\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f73**]\ ]Ɋ& 3!X]\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**]\ ]Ɋ& 3!X]\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=347**]\ ]Ɋ& 5!X]\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0]\ ]Ɋ& !]\ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81cacc17-ce6b-4b25-9122-ea4434c93add PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@J^\ ]Ɋ& !J^\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56aca2c9-b43f-424a-b33d-f658196aef91 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=81cacc17-ce6b-4b25-9122-ea4434c93add PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**G)5I_ ]Ɋ& )!XG)5I_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **G)5I_ ]Ɋ& A!XG)5I_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**G)5I_ ]Ɋ& =!XG)5I_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**G)5I_ ]Ɋ& 5!XG)5I_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**G)5I_ ]Ɋ& 5!XG)5I_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**G)5I_ ]Ɋ& 7!XG)5I_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0G)5I_ ]Ɋ& !G)5I_ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=626cb139-3689-4734-a6ad-2b46f37f2d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@tZ6I_ ]Ɋ& !tZ6I_ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41eb56dd-5eb2-4564-9231-65917c61e173 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=626cb139-3689-4734-a6ad-2b46f37f2d9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**X 6I_ ]Ɋ& !X 6I_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p 6I_ ]Ɋ& !X 6I_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**h 6I_ ]Ɋ& !X 6I_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**` 6I_ ]Ɋ& !X 6I_  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`! 6I_ ]Ɋ& !X 6I_! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**h" 6I_ ]Ɋ& !X 6I_" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**# 6I_ ]Ɋ&  ! 6I_# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee59ac12-102c-42e4-a86c-fe4c5cfbd3f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**$ 6I_ ]Ɋ& ! 6I_$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0f5830d-5d5a-48a9-81a7-d5c7e99a539d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ee59ac12-102c-42e4-a86c-fe4c5cfbd3f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8%7I_ ]Ɋ& !X7I_% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P&7I_ ]Ɋ& !X7I_& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P'7I_ ]Ɋ& !X7I_' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H(7I_ ]Ɋ& !X7I_( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H)7I_ ]Ɋ& !X7I_) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H*7I_ ]Ɋ& !X7I_* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**+7I_ ]Ɋ& !7I_+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85aa62fa-4302-4a19-9ab2-cf2d588d460c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**,7I_ ]Ɋ& !7I_, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40484ad4-9a9d-4d45-aff3-7175368cec49 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85aa62fa-4302-4a19-9ab2-cf2d588d460c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X-7I_ ]Ɋ& !X7I_- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p.7I_ ]Ɋ& !X7I_. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h/7I_ ]Ɋ& !X7I_/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`07I_ ]Ɋ& !X7I_0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`17I_ ]Ɋ& !X7I_1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`27I_ ]Ɋ& !X7I_2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**38$8I_ ]Ɋ& !8$8I_3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4c763ee-83fd-40db-bb8c-ba2632072c02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**48$8I_ ]Ɋ& !8$8I_4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07bc672f-32f4-4d66-95d0-480cacc9405b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4c763ee-83fd-40db-bb8c-ba2632072c02 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(58$8I_ ]Ɋ& !X8$8I_5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@68$8I_ ]Ɋ& !X8$8I_6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@78$8I_ ]Ɋ& !X8$8I_7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**888$8I_ ]Ɋ& !X8$8I_8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**898$8I_ ]Ɋ& !X8$8I_9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**8:8$8I_ ]Ɋ& !X8$8I_: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**;8$8I_ ]Ɋ& !8$8I_; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f6f63e7-d222-4a58-a8b7-643b773848c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  μ8I_< F&oS-[UElfChnk<m<mpxMu=VysMc&&** <μ8I_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!μ8I_< F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3ae828b-abf5-4b9d-92bc-f0038ec0ec3f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8f6f63e7-d222-4a58-a8b7-643b773848c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X=:I_ ]Ɋ& !X:I_= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p>:I_ ]Ɋ& !X:I_> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p?:I_ ]Ɋ& !X:I_? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h@:I_ ]Ɋ& !X:I_@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hA:I_ ]Ɋ& !X:I_A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hB:I_ ]Ɋ& !X:I_B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]h**C:I_ ]Ɋ&  !:I_C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db9832bd-bc83-45da-8ef6-1d980af6ef53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**D(;I_ ]Ɋ& !(;I_D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f8bcaba2-16fd-486b-88dc-0fc0a7de130e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=db9832bd-bc83-45da-8ef6-1d980af6ef53 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**E;I_ ]Ɋ& '!X;I_E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**F;I_ ]Ɋ& ?!X;I_F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**G;I_ ]Ɋ& ;!X;I_G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**H;I_ ]Ɋ& 3!X;I_H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**I;I_ ]Ɋ& 3!X;I_I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**J;I_ ]Ɋ& 5!X;I_J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0K;I_ ]Ɋ& !;I_K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=79305533-7d20-4b2e-9db6-c726adaf47a4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a841badc-9759-42ab-9f0f-9e90a0dcbb23 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@L9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@od0a ]Ɋ& !Xd0ao F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8pd0a ]Ɋ& !Xd0ap F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8qd0a ]Ɋ& !Xd0aq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8rd0a ]Ɋ& !Xd0ar F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**sd0a ]Ɋ& !d0as F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c71be44f-ef9b-4229-8d7c-06112b82db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**td0a ]Ɋ& !d0at F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1154d0b9-7d7e-4b24-ae0e-723c9729a79f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c71be44f-ef9b-4229-8d7c-06112b82db40 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**Xu'2a ]Ɋ& !X'2au F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pv'2a ]Ɋ& !X'2av F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pw'2a ]Ɋ& !X'2aw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b98p**hx'2a ]Ɋ& !X'2ax F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hy'2a ]Ɋ& !X'2ay F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;h**hz'2a ]Ɋ& !X'2az F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**{'2a ]Ɋ&  !'2a{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1f8fff-56f5-4dee-9ebd-a2ee45997158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**|_3a ]Ɋ& !_3a| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5357cf2e-dcc8-4e1d-b660-33f7af700c63 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6e1f8fff-56f5-4dee-9ebd-a2ee45997158 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**}_3a ]Ɋ& '!X_3a} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**~_3a ]Ɋ& ?!X_3a~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**_3a ]Ɋ& ;!X_3a F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**_3a ]Ɋ& 3!X_3a F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**_3a ]Ɋ& 3!X_3a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**_3a ]Ɋ& 5!X_3a F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0_3a ]Ɋ& !_3a F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0eaf9d2-1edf-4ecc-8f24-772c3ddd013b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ea0**@4a ]Ɋ& !4a F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9ced7f9-b3bc-412b-9473-fbed735a2f56 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b0eaf9d2-1edf-4ecc-8f24-772c3ddd013b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**sc ]Ɋ& )!Xsc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**sc ]Ɋ& A!Xsc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**sc ]Ɋ& =!Xsc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**sc ]Ɋ& 5!Xsc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**sc ]Ɋ& 5!Xsc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**sc ]Ɋ& 7!Xsc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0sc ]Ɋ& !sc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5df37948-3266-4f74-bd78-b5d3d6cf52f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@c ]Ɋ& !c F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ea29db8-0535-48f9-970b-985b0bf63133 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5df37948-3266-4f74-bd78-b5d3d6cf52f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X c ]Ɋ& !X c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p c ]Ɋ& !X c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h c ]Ɋ& !X c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` c ]Ɋ& !X c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` c ]Ɋ& !X c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h c ]Ɋ& !X c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh** c ]Ɋ&  ! c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=377b3a5f-4bb5-467b-9839-d0b2670b09c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**dc ]Ɋ& !dc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee749d80-a07a-4856-877d-7bb2a31b2284 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=377b3a5f-4bb5-467b-9839-d0b2670b09c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8dc ]Ɋ& !Xdc F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Pdc ]Ɋ& !Xdc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Pdc ]Ɋ& !Xdc F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hdc ]Ɋ& !Xdc F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hdc ]Ɋ& !Xdc F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hdc ]Ɋ& !Xdc F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7H**dc ]Ɋ& !dc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=917b2eb5-3aa1-4fe0-949f-78041aefc52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**>c ]Ɋ& !>c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e0d139a3-6aa9-4a87-bc9a-933bc45fe813 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=917b2eb5-3aa1-4fe0-949f-78041aefc52d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = Xc F&  Xd0an F&  μ8I_< F&oS-[UElfChnk(xEܧ?MMu=VysMc&&**pc ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!Xc F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`c ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**Tc ]Ɋ& !Tc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4aa39b69-4220-40c1-9cf4-b78faa73ef5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Tc ]Ɋ& !Tc F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6a0e385-427b-45d4-8995-e76469d7dd03 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4aa39b69-4220-40c1-9cf4-b78faa73ef5a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(Tc ]Ɋ& !XTc F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Tc ]Ɋ& !XTc F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2@**@Tc ]Ɋ& !XTc F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8Tc ]Ɋ& !XTc F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8Tc ]Ɋ& !XTc F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8Tc ]Ɋ& !XTc F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**9c ]Ɋ& !9c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5729427f-8244-4e91-a44c-ab88ed8a4faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **c ]Ɋ& !c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecd9e66c-56a3-460d-939b-3a40cfc4eedb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5729427f-8244-4e91-a44c-ab88ed8a4faa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='2**X5c ]Ɋ& !X5c F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p5c ]Ɋ& !X5c F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p5c ]Ɋ& !X5c F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**h5c ]Ɋ& !X5c F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**h5c ]Ɋ& !X5c F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**h5c ]Ɋ& !X5c F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**5c ]Ɋ&  !5c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5faa03d-4d49-4e32-a527-77b83858daeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**/c ]Ɋ& !/c F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=84b65741-15e9-4979-b334-43cd2196d68a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f5faa03d-4d49-4e32-a527-77b83858daeb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |**bc ]Ɋ& '!Xbc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**bc ]Ɋ& ?!Xbc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**bc ]Ɋ& ;!Xbc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bf6**bc ]Ɋ& 3!Xbc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**bc ]Ɋ& 3!Xbc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=631**bc ]Ɋ& 5!Xbc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0bc ]Ɋ& !bc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e81c8a8-40f9-4ce2-8fc3-32df68681a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@`c ]Ɋ& !`c F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93407cf6-dcff-4dc0-9ffb-3a2f1f86d72c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3e81c8a8-40f9-4ce2-8fc3-32df68681a32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**n[f ]Ɋ& )!Xn[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com**n[f ]Ɋ& A!Xn[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= **n[f ]Ɋ& =!Xn[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut**n[f ]Ɋ& 5!Xn[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 **n[f ]Ɋ& 5!Xn[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**n[f ]Ɋ& 7!Xn[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0n[f ]Ɋ& !n[f F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55aaae59-fe35-4833-b93a-1317d52b8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t0**@[f ]Ɋ& ![f F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a02c6398-13c6-4a5d-8b67-5d43dd450036 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=55aaae59-fe35-4833-b93a-1317d52b8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**X1V[f ]Ɋ& !X1V[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p1V[f ]Ɋ& !X1V[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**h1V[f ]Ɋ& !X1V[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`1V[f ]Ɋ& !X1V[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`1V[f ]Ɋ& !X1V[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**h1V[f ]Ɋ& !X1V[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**1V[f ]Ɋ&  !1V[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da8a288-319d-4af3-af2d-52b9773f0a86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**1V[f ]Ɋ& !1V[f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a9ee01c-6874-40a6-a555-c128ef415f3a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5da8a288-319d-4af3-af2d-52b9773f0a86 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8[f ]Ɋ& !X[f F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P[f ]Ɋ& !X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P[f ]Ɋ& !X[f F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&oSXElfChnk0$P^fMu=VysMc&&**H[f ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X[f F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H[f ]Ɋ& !X[f F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H[f ]Ɋ& !X[f F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**[f ]Ɋ& ![f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44127589-a774-4dd0-9851-da1565160596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**"Q[f ]Ɋ& !"Q[f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=387858c2-4a6d-4a03-a356-adc143ca5aa4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=44127589-a774-4dd0-9851-da1565160596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X"Q[f ]Ɋ& !X"Q[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p"Q[f ]Ɋ& !X"Q[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h"Q[f ]Ɋ& !X"Q[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`"Q[f ]Ɋ& !X"Q[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`"Q[f ]Ɋ& !X"Q[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`"Q[f ]Ɋ& !X"Q[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**"Q[f ]Ɋ& !"Q[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3289ca88-5c6b-4948-81af-5b9573cb88f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1f66e41d-bb97-4d47-a294-7b69bf38dfb3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3289ca88-5c6b-4948-81af-5b9573cb88f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(|[f ]Ɋ& !X|[f F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@|[f ]Ɋ& !X|[f F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@|[f ]Ɋ& !X|[f F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8|[f ]Ɋ& !X|[f F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8|[f ]Ɋ& !X|[f F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8|[f ]Ɋ& !X|[f F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**|[f ]Ɋ& !|[f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=50bbd76c-9efe-43e3-92a4-d2f7bd99292a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3509d560-c606-4fe3-b275-23baee2bf9d2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=50bbd76c-9efe-43e3-92a4-d2f7bd99292a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X[f ]Ɋ& !X[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p[f ]Ɋ& !X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p[f ]Ɋ& !X[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h[f ]Ɋ& !X[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h[f ]Ɋ& !X[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h[f ]Ɋ& !X[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**[f ]Ɋ&  ![f F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c395da95-2005-4d6b-aec9-6d2bdbcec407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& ![f F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3c4d74b-9c67-4496-8df2-959140e6f174 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c395da95-2005-4d6b-aec9-6d2bdbcec407 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**[f ]Ɋ& '!X[f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**[f ]Ɋ& ?!X[f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **[f ]Ɋ& ;!X[f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[f ]Ɋ& 3!X[f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**[f ]Ɋ& 3!X[f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**[f ]Ɋ& 5!X[f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0-[f ]Ɋ& !-[f F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f263916c-be5c-4c77-b530-bbb4d2d0d202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@L[f ]Ɋ& !L[f F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5ac078fa-4882-40ab-95b3-4ae76c18d4ce HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f263916c-be5c-4c77-b530-bbb4d2d0d202 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-fe@**sh ]Ɋ& )!Xsh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**sh ]Ɋ& A!Xsh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**sh ]Ɋ& =!Xsh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-6**sh ]Ɋ& 5!Xsh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**sh ]Ɋ& 5!Xsh F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**sh ]Ɋ& 7!Xsh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0sh ]Ɋ& !sh F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f058360-3841-41c7-9764-7c430a532770 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ݖh ]Ɋ& !ݖh F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3ceb7a90-1adb-4387-b094-501d5b1eb1d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f058360-3841-41c7-9764-7c430a532770 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**Xh ]Ɋ& !Xh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**ph ]Ɋ& !Xh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**hh ]Ɋ& !Xh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`h ]Ɋ& !Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk00܌q7Mu=VysMc&&**hh ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xh F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hh ]Ɋ& !Xh F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ&  !h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f719733-a3d7-4636-a251-292538237f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**h ]Ɋ& !h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea5fdc77-4453-492c-b026-429da3dc8db8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f719733-a3d7-4636-a251-292538237f31 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8ch ]Ɋ& !Xch F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pch ]Ɋ& !Xch F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pch ]Ɋ& !Xch F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hch ]Ɋ& !Xch F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H ch ]Ɋ& !Xch  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ch ]Ɋ& !Xch  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H** ch ]Ɋ& !ch  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9c73bfd-ea9d-46db-bd90-0cb280d6084f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ?h ]Ɋ& !?h  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=55495723-f387-4c7c-a876-027d4524efdf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d9c73bfd-ea9d-46db-bd90-0cb280d6084f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X h ]Ɋ& !X h  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p h ]Ɋ& !X h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h h ]Ɋ& !X h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**` h ]Ɋ& !X h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` h ]Ɋ& !X h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` h ]Ɋ& !X h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** h ]Ɋ& ! h F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aab36efe-93dd-4d78-88d1-c01e696dca94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** h ]Ɋ& ! h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56fdde2d-1e99-46e3-94e9-74e86ea8883a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aab36efe-93dd-4d78-88d1-c01e696dca94 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**(Th ]Ɋ& !XTh F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@Th ]Ɋ& !XTh F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@Th ]Ɋ& !XTh F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8Th ]Ɋ& !XTh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8Th ]Ɋ& !XTh F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=67-8**8Th ]Ɋ& !XTh F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**Th ]Ɋ& !Th F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=96a64a1b-ca4e-40b2-8620-4e93c1b05cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**:h ]Ɋ& !:h F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b315197e-ff91-402d-987d-857613e5a42d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=96a64a1b-ca4e-40b2-8620-4e93c1b05cb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**Xh ]Ɋ& !Xh F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**ph ]Ɋ& !Xh F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**ph ]Ɋ& !Xh F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h h ]Ɋ& !Xh  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h!h ]Ɋ& !Xh! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h"h ]Ɋ& !Xh" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#h ]Ɋ&  !h# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0aa8165-7039-4d59-bbb6-f0ecd2ef98b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**$&h ]Ɋ& !&h$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=287ab9a0-e5a9-45cb-a7cc-d82675762231 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0aa8165-7039-4d59-bbb6-f0ecd2ef98b8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**%!h ]Ɋ& '!X!h% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**&!h ]Ɋ& ?!X!h& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**'!h ]Ɋ& ;!X!h' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne**(!h ]Ɋ& 3!X!h( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **)!h ]Ɋ& 3!X!h) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP***!h ]Ɋ& 5!X!h* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0+!h ]Ɋ& !!h+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=745c9541-0395-4362-9b81-cf9969cdd3db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@,3h ]Ɋ& !3h, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7593fef-2152-4a9b-ad3e-a0d49a1c2649 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=745c9541-0395-4362-9b81-cf9969cdd3db PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**-R k ]Ɋ& )!XR k- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**.R k ]Ɋ& A!XR k. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**/R k ]Ɋ& =!XR k/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**0R k ]Ɋ& 5!XR k0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icXR k1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk1a1apPqMu=VysMc&&**1R k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XR k1 F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **2R k ]Ɋ& 7!XR k2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **03R k ]Ɋ& !R k3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cabbdb44-3e84-4b0c-9cd1-067f2b3edf74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@4ă k ]Ɋ& !ă k4 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92638e09-5432-4030-8e8d-3cfbaeb578a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cabbdb44-3e84-4b0c-9cd1-067f2b3edf74 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X5Z k ]Ɋ& !XZ k5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p6Z k ]Ɋ& !XZ k6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h7Z k ]Ɋ& !XZ k7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`8Z k ]Ɋ& !XZ k8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`9Z k ]Ɋ& !XZ k9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h:Z k ]Ɋ& !XZ k: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**;Z k ]Ɋ&  !Z k; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2079a928-ed11-4514-b7a4-8763a09e2cf8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **<Z k ]Ɋ& !Z k< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c4db51c-4394-49bf-80bd-8444a7edcf67 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2079a928-ed11-4514-b7a4-8763a09e2cf8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8=Z k ]Ɋ& !XZ k= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P>Z k ]Ɋ& !XZ k> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P?Z k ]Ɋ& !XZ k? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H@Z k ]Ɋ& !XZ k@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**HAZ k ]Ɋ& !XZ kA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**HBZ k ]Ɋ& !XZ kB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**CZ k ]Ɋ& !Z kC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2a7019c-e645-4881-ae02-c44571d93f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**DZ k ]Ɋ& !Z kD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4a3035db-bd19-46d5-a94d-d55bb624bab6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e2a7019c-e645-4881-ae02-c44571d93f63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**XE k ]Ɋ& !X kE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**pF k ]Ɋ& !X kF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**hG k ]Ɋ& !X kG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`H k ]Ɋ& !X kH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`I k ]Ɋ& !X kI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`J k ]Ɋ& !X kJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**K k ]Ɋ& ! kK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=850d37be-d05c-457f-93d8-b2f61322b4fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**L k ]Ɋ& ! kL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=46eb0d96-9edf-4f12-8f14-655d93987004 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=850d37be-d05c-457f-93d8-b2f61322b4fc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(MM k ]Ɋ& !XM kM F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@NM k ]Ɋ& !XM kN F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@OM k ]Ɋ& !XM kO F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8PM k ]Ɋ& !XM kP F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8QM k ]Ɋ& !XM kQ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8RM k ]Ɋ& !XM kR F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**SM k ]Ɋ& !M kS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=632b43cc-e9ee-4502-b7da-1c38ff364910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**T k ]Ɋ& ! kT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0a97bc5d-78f7-4852-8edf-4429ded99d5c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=632b43cc-e9ee-4502-b7da-1c38ff364910 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XUK k ]Ɋ& !XK kU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pVK k ]Ɋ& !XK kV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pWK k ]Ɋ& !XK kW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hXK k ]Ɋ& !XK kX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hYK k ]Ɋ& !XK kY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=49ah**hZK k ]Ɋ& !XK kZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**[K k ]Ɋ&  !K k[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48948315-1830-4404-90b5-64b2e009342f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**\ᯌ k ]Ɋ& !ᯌ k\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=91b37b57-bcb2-44c6-b8ee-ec18a21848e5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=48948315-1830-4404-90b5-64b2e009342f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**]ᯌ k ]Ɋ& '!Xᯌ k] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**^ᯌ k ]Ɋ& ?!Xᯌ k^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**_ᯌ k ]Ɋ& ;!Xᯌ k_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **`ᯌ k ]Ɋ& 3!Xᯌ k` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**aᯌ k ]Ɋ& 3!Xᯌ ka F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& Xᯌ kb F&1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkbbp(g&ojz Mu=VysMc&&** bᯌ k ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xᯌ kb F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=403 **0cᯌ k ]Ɋ& !ᯌ kc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01b48e67-4944-40d0-b89e-894db19d33ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@dxH k ]Ɋ& !xH kd F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30d87f68-0298-4743-8b89-c2866de6d379 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=01b48e67-4944-40d0-b89e-894db19d33ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**e{#nm ]Ɋ& )!X{#nme F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**f{#nm ]Ɋ& A!X{#nmf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **g{#nm ]Ɋ& =!X{#nmg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**h{#nm ]Ɋ& 5!X{#nmh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**i{#nm ]Ɋ& 5!X{#nmi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **j{#nm ]Ɋ& 7!X{#nmj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0k{#nm ]Ɋ& !{#nmk F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aee87534-ed11-481e-801b-3d99d56bec70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@l$nm ]Ɋ& !$nml F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1a729e0-4a72-43b1-8fa5-ae9ea00ab7ee HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aee87534-ed11-481e-801b-3d99d56bec70 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XmE%nm ]Ɋ& !XE%nmm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pnE%nm ]Ɋ& !XE%nmn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hoE%nm ]Ɋ& !XE%nmo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`pE%nm ]Ɋ& !XE%nmp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`qE%nm ]Ɋ& !XE%nmq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hrE%nm ]Ɋ& !XE%nmr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**sE%nm ]Ɋ&  !E%nms F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ac1976d-0f0b-48d8-9187-1a0104b52da2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**tE%nm ]Ɋ& !E%nmt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8fa22e9b-7d3f-4e05-bb9f-e428f794b324 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3ac1976d-0f0b-48d8-9187-1a0104b52da2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8uE%nm ]Ɋ& !XE%nmu F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**PvE%nm ]Ɋ& !XE%nmv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**PwE%nm ]Ɋ& !XE%nmw F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**HxE%nm ]Ɋ& !XE%nmx F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**HyE%nm ]Ɋ& !XE%nmy F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**HzE%nm ]Ɋ& !XE%nmz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**{E%nm ]Ɋ& !E%nm{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56d61d2c-68ef-4147-8997-8627a0962587 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**|2%nm ]Ɋ& !2%nm| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=90f58836-657c-4bec-9cb2-6d4d803113b5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=56d61d2c-68ef-4147-8997-8627a0962587 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X}2%nm ]Ɋ& !X2%nm} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**p~2%nm ]Ɋ& !X2%nm~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**h2%nm ]Ɋ& !X2%nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`2%nm ]Ɋ& !X2%nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`2%nm ]Ɋ& !X2%nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`2%nm ]Ɋ& !X2%nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**2%nm ]Ɋ& !2%nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4c29c3-ead9-4b42-815a-6320107249b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2%nm ]Ɋ& !2%nm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d5133b6-cdf2-4a42-8125-79dae35d8488 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ed4c29c3-ead9-4b42-815a-6320107249b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(2%nm ]Ɋ& !X2%nm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@2%nm ]Ɋ& !X2%nm F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@2%nm ]Ɋ& !X2%nm F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**82%nm ]Ɋ& !X2%nm F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**82%nm ]Ɋ& !X2%nm F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**82%nm ]Ɋ& !X2%nm F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**2%nm ]Ɋ& !2%nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f79a7b3-8b27-4cfd-bc96-381e18fe5dd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**_'nm ]Ɋ& !_'nm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f3e7b355-65ff-4076-9f65-b126528fa097 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f79a7b3-8b27-4cfd-bc96-381e18fe5dd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X'nm ]Ɋ& !X'nm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p'nm ]Ɋ& !X'nm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p'nm ]Ɋ& !X'nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h'nm ]Ɋ& !X'nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h'nm ]Ɋ& !X'nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h'nm ]Ɋ& !X'nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**'nm ]Ɋ&  !'nm F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73ea172e-c34d-4390-b6f8-ca205caf7649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu#(nm F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& Xᯌ kb F&1 F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkxMu=VysMc&&** #(nm ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !#(nm F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=29884458-3581-4ff8-9f47-3827249dfbd2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73ea172e-c34d-4390-b6f8-ca205caf7649 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **#(nm ]Ɋ& '!X#(nm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& ?!X#(nm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& ;!X#(nm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**#(nm ]Ɋ& 3!X#(nm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#(nm ]Ɋ& 3!X#(nm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ica**#(nm ]Ɋ& 5!X#(nm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#(nm ]Ɋ& !#(nm F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe0c8f82-6946-48fc-9708-7eaf1e402956 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow0**@q)nm ]Ɋ& !q)nm F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fddf1c1d-15a6-49ae-a51b-efd0004edc3c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe0c8f82-6946-48fc-9708-7eaf1e402956 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**=o ]Ɋ& )!X=o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**=o ]Ɋ& A!X=o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-wid**=o ]Ɋ& =!X=o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**=o ]Ɋ& 5!X=o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **=o ]Ɋ& 5!X=o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==8**=o ]Ɋ& 7!X=o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0=o ]Ɋ& !=o F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fe6c2bc-7ca9-45aa-bd29-764eb7a811f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@>o ]Ɋ& !>o F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b75ea67a-e826-431c-b0e9-319583cf5e6a HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fe6c2bc-7ca9-45aa-bd29-764eb7a811f5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X?o ]Ɋ& !X?o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p?o ]Ɋ& !X?o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h?o ]Ɋ& !X?o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`?o ]Ɋ& !X?o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`?o ]Ɋ& !X?o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**h?o ]Ɋ& !X?o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineSh**?o ]Ɋ&  !?o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e12f8da-8aac-4392-a17a-c7de14eb4be1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ped **J@o ]Ɋ& !J@o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0dffdf3c-fd5d-41b9-8716-27431c48d87e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e12f8da-8aac-4392-a17a-c7de14eb4be1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt**8J@o ]Ɋ& !XJ@o F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nm8**PJ@o ]Ɋ& !XJ@o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idP**PJ@o ]Ɋ& !XJ@o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tartP**HJ@o ]Ɋ& !XJ@o F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ReH**HJ@o ]Ɋ& !XJ@o F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**HJ@o ]Ɋ& !XJ@o F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**J@o ]Ɋ& !J@o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58add639-2411-42c7-9020-2fbd38d268d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**@o ]Ɋ& !@o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e26d5299-4bac-44c5-97e6-b50e10cf28e4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58add639-2411-42c7-9020-2fbd38d268d5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X@o ]Ɋ& !X@o F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaX**p@o ]Ɋ& !X@o F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**h@o ]Ɋ& !X@o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`@o ]Ɋ& !X@o F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`@o ]Ɋ& !X@o F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=`**`@o ]Ɋ& !X@o F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**@o ]Ɋ& !@o F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0635278-ba19-4162-8e01-b536cfceda9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**wIAo ]Ɋ& !wIAo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9cb3814-bc83-4642-87b1-0bf760d86392 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c0635278-ba19-4162-8e01-b536cfceda9d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **(wIAo ]Ɋ& !XwIAo F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4(**@wIAo ]Ɋ& !XwIAo F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a@**@wIAo ]Ɋ& !XwIAo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin@**8wIAo ]Ɋ& !XwIAo F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8wIAo ]Ɋ& !XwIAo F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8wIAo ]Ɋ& !XwIAo F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== 8**wIAo ]Ɋ& !wIAo F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0fb910bd-1de5-46e6-90c9-c8b8f0dcdbb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge**zBo ]Ɋ& !zBo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=803464c5-f1c3-4b2c-a9ad-7faf2b093c82 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0fb910bd-1de5-46e6-90c9-c8b8f0dcdbb8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te';**XhDDo ]Ɋ& !XhDDo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**phDDo ]Ɋ& !XhDDo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXhDDo F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnkA2jѨMu=VysMc&&**p hDDo ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! S!XhDDo F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **hhDDo ]Ɋ& !XhDDo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hhDDo ]Ɋ& !XhDDo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hhDDo ]Ɋ& !XhDDo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tah**Do ]Ɋ&  !Do F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e731512-fb88-4174-ae54-ce3ca39e07dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=00**uEo ]Ɋ& !uEo F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1526d011-1e06-4ce5-a0dd-d0abefb292a9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e731512-fb88-4174-ae54-ce3ca39e07dc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,De**+Fo ]Ɋ& '!X+Fo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**+Fo ]Ɋ& ?!X+Fo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**+Fo ]Ɋ& ;!X+Fo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hel**+Fo ]Ɋ& 3!X+Fo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+Fo ]Ɋ& 3!X+Fo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll **+Fo ]Ɋ& 5!X+Fo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+Fo ]Ɋ& !+Fo F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d8da193-b3b4-4f5b-933d-3c4231a77a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng0**@¦Fo ]Ɋ& !¦Fo F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b64647dc-8937-45b7-92c3-29b473c800bd HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=2d8da193-b3b4-4f5b-933d-3c4231a77a2a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**>:&r ]Ɋ& )!X>:&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**>:&r ]Ɋ& A!X>:&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **>:&r ]Ɋ& =!X>:&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**>:&r ]Ɋ& 5!X>:&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl**>:&r ]Ɋ& 5!X>:&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **>:&r ]Ɋ& 7!X>:&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0>:&r ]Ɋ& !>:&r F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5336f5b2-26b6-4b16-af4e-d975b3b89806 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=40**@k;&r ]Ɋ& !k;&r F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e316f56-105a-4dea-b5f9-bb543d31c720 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5336f5b2-26b6-4b16-af4e-d975b3b89806 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila@**Xk;&r ]Ɋ& !Xk;&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProX**pk;&r ]Ɋ& !Xk;&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt p**hk;&r ]Ɋ& !Xk;&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sh**`k;&r ]Ɋ& !Xk;&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**`k;&r ]Ɋ& !Xk;&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c`**hk;&r ]Ɋ& !Xk;&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**k;&r ]Ɋ&  !k;&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03eb69a9-64d4-482f-bd83-9092a25e8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5299**k;&r ]Ɋ& !k;&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=77f9f0b3-2fa7-4fc1-b3fe-d493fad2f0da HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=03eb69a9-64d4-482f-bd83-9092a25e8858 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e**8}<&r ]Ɋ& !X}<&r F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si8**P}<&r ]Ɋ& !X}<&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leP**P}<&r ]Ɋ& !X}<&r F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HoP**H}<&r ]Ɋ& !X}<&r F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eNumH**H}<&r ]Ɋ& !X}<&r F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H}<&r ]Ɋ& !X}<&r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ateH**}<&r ]Ɋ& !}<&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7402598c-ab41-484a-92e1-17f9c3a27049 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber**}<&r ]Ɋ& !}<&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1e76d16e-104a-4402-b6e1-17c7b0f62af0 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7402598c-ab41-484a-92e1-17f9c3a27049 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X}<&r ]Ɋ& !X}<&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNamX**p}<&r ]Ɋ& !X}<&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h}<&r ]Ɋ& !X}<&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**`}<&r ]Ɋ& !X}<&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=('`**`}<&r ]Ɋ& !X}<&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ti`**`}<&r ]Ɋ& !X}<&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**=&r ]Ɋ& !=&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbe33e54-25b9-423e-b88c-e8f4e74b0106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**=&r ]Ɋ& !=&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06bfd9c2-035b-4afa-b276-7e111faf9950 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dbe33e54-25b9-423e-b88c-e8f4e74b0106 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**(=&r ]Ɋ& !X=&r F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@=&r ]Ɋ& !X=&r F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@=&r ]Ɋ& !X=&r F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ace@**8=&r ]Ɋ& !X=&r F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=es[8nstalldate'] ]Ɋ& etX=&r F&imatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=epproductState ]Ɋ& unXhDDo F&andName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& Xh F&XElfChnk**9{p(xlMD EventDatauoData !BinaryhRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8=&r ]Ɋ& !X=&r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=In8**=&r ]Ɋ& !=&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85015037-32b6-4d60-b967-1041b8a44b29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=WA**F>&r ]Ɋ& !F>&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2bac1f31-9e88-4c0d-be43-b0b09d336e4c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=85015037-32b6-4d60-b967-1041b8a44b29 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=po**X[>&r ]Ɋ& !X[>&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p[>&r ]Ɋ& !X[>&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0p**p[>&r ]Ɋ& !X[>&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h[>&r ]Ɋ& !X[>&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hh**h[>&r ]Ɋ& !X[>&r F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNh**h[>&r ]Ɋ& !X[>&r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dBh**[>&r ]Ɋ&  ![>&r F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6fe98881-d22f-45c7-acd4-f700441a706d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**@&r ]Ɋ& !@&r F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8dcff0e-83f3-4892-9f76-9824815f4fff HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6fe98881-d22f-45c7-acd4-f700441a706d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gine**@&r ]Ɋ& '!X@&r F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**@&r ]Ɋ& ?!X@&r F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6**@&r ]Ɋ& ;!X@&r F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@&r ]Ɋ& 3!X@&r F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsh** @&r ]Ɋ& 3!X@&r  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** @&r ]Ɋ& 5!X@&r  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=re**0 @&r ]Ɋ& !@&r  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c745237-5cbb-42d5-ba60-2088c8a0a7c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ @&r ]Ɋ& !@&r  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08f53585-dfe6-4a8d-906f-fe705fbe981d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7c745237-5cbb-42d5-ba60-2088c8a0a7c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se@** Gt ]Ɋ& )!XGt  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3fe-**Gt ]Ɋ& A!XGt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=C**Gt ]Ɋ& =!XGt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Gt ]Ɋ& 5!XGt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Gt ]Ɋ& 5!XGt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=k;**Gt ]Ɋ& 7!XGt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**0Gt ]Ɋ& !Gt F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041c9c31-8b8e-4c60-afbb-d99b170d8541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=90**@ɴHt ]Ɋ& !ɴHt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d471373-d440-4349-be7d-476e5c718642 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=041c9c31-8b8e-4c60-afbb-d99b170d8541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e |@**X_MIt ]Ɋ& !X_MIt F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pdaX**p_MIt ]Ɋ& !X_MIt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nEnp**h_MIt ]Ɋ& !X_MIt F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th**`_MIt ]Ɋ& !X_MIt F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`_MIt ]Ɋ& !X_MIt F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h_MIt ]Ɋ& !X_MIt F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ruh**_MIt ]Ɋ&  !_MIt F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0bd1c1b-e28c-4205-ab88-26979d470435 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pipe**_MIt ]Ɋ& !_MIt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=44decc93-7761-4047-8263-b87c8579f35c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b0bd1c1b-e28c-4205-ab88-26979d470435 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm**8_MIt ]Ɋ& !X_MIt F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**P_MIt ]Ɋ& !X_MIt F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=unP**P_MIt ]Ɋ& !X_MIt F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gineP**H _MIt ]Ɋ& !X_MIt  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 65H**H!_MIt ]Ɋ& !X_MIt! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StriH**H"_MIt ]Ɋ& !X_MIt" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oluH**#_MIt ]Ɋ& !_MIt# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d69593c7-17e4-4edc-9901-fda16776192c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=553**$It ]Ɋ& !It$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=37ddfd02-e688-4f12-90cf-f7b9c21f746a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d69593c7-17e4-4edc-9901-fda16776192c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**X%It ]Ɋ& !XIt% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arseX**p&It ]Ɋ& !XIt& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Hp**h'It ]Ɋ& !XIt' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eqh**`(It ]Ɋ& !XIt( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`)It ]Ɋ& !XIt) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri`**`*It ]Ɋ& !XIt* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`ElfChnk+[+[` +z Mu=VysMc&&**+It ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !It+ F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f56de26-a61e-4e19-b38e-7fff5a976c51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**,It ]Ɋ& !It, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe852a4c-63a3-4a19-aa6e-871c9b58f6ca HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0f56de26-a61e-4e19-b38e-7fff5a976c51 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 **(-~Jt ]Ɋ& !X~Jt- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@.~Jt ]Ɋ& !X~Jt. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@/~Jt ]Ɋ& !X~Jt/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | @**80~Jt ]Ɋ& !X~Jt0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Se8**81~Jt ]Ɋ& !X~Jt1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS8**82~Jt ]Ɋ& !X~Jt2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**3~Jt ]Ɋ& !~Jt3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15f79b4e-e074-4e06-9b15-e71c468d3d28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si**4#Kt ]Ɋ& !#Kt4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3686647f-5ce3-43e4-ad36-799ddbad3ce4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=15f79b4e-e074-4e06-9b15-e71c468d3d28 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obal**X5@COt ]Ɋ& !X@COt5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p6@COt ]Ɋ& !X@COt6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.p**p7@COt ]Ɋ& !X@COt7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e.pp**h8@COt ]Ɋ& !X@COt8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n.Ch**h9@COt ]Ɋ& !X@COt9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=655h**h:@COt ]Ɋ& !X@COt: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pah**;@COt ]Ɋ&  !@COt; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97f35c79-54b2-4d8d-902f-1d1e83f50247 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<Ot ]Ɋ& !Ot< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5c9a3b4-fa01-4c18-89e0-82910eeb7010 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=97f35c79-54b2-4d8d-902f-1d1e83f50247 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**=Ot ]Ɋ& '!XOt= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**>Ot ]Ɋ& ?!XOt> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**?Ot ]Ɋ& ;!XOt? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@Ot ]Ɋ& 3!XOt@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ati**AOt ]Ɋ& 3!XOtA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**BOt ]Ɋ& 5!XOtB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**0COt ]Ɋ& !OtC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4680f8d4-7f60-4f82-8b1a-ec6ef383221e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@D Qt ]Ɋ& ! QtD F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=39634176-18ff-4730-9656-376531318c19 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4680f8d4-7f60-4f82-8b1a-ec6ef383221e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stri@**Ev ]Ɋ& )!XvE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tanc**Fv ]Ɋ& A!XvF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-40**Gv ]Ɋ& =!XvG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Hv ]Ɋ& 5!XvH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**Iv ]Ɋ& 5!XvI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Jv ]Ɋ& 7!XvJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0Kv ]Ɋ& !vK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c59b000f-62fd-4759-8531-a9518b649e2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m0**@LBNv ]Ɋ& !BNvL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b3643643-18c2-434f-9c7b-30f74c350147 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c59b000f-62fd-4759-8531-a9518b649e2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P@**XMv ]Ɋ& !XvM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0X**pNv ]Ɋ& !XvN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=inep**hOv ]Ɋ& !XvO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Rh**`Pv ]Ɋ& !XvP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`Qv ]Ɋ& !XvQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I`**hRv ]Ɋ& !XvR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nameh**Sov ]Ɋ&  !ovS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e49e2dd-b66b-49cb-9789-947559d253ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand**Tov ]Ɋ& !ovT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=31c16c95-6337-495f-9a87-fed5f833d94c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2e49e2dd-b66b-49cb-9789-947559d253ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8Uov ]Ɋ& !XovU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sc8**PVov ]Ɋ& !XovV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PWov ]Ɋ& !XovW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== P**HXov ]Ɋ& !XovX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eId=H**HYov ]Ɋ& !XovY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d= H**HZov ]Ɋ& !XovZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RH**[ov ]Ɋ& !ov[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7929cdf0-f083-41d8-91de-18de549d4eb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= mmandName=  ]Ɋ& CommandPath= CommvElfChnk\\H&Mu=VysMc&&**\v ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !v\ F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=984d6d86-3ce6-4565-b329-ff925496b8b3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7929cdf0-f083-41d8-91de-18de549d4eb2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**X]v ]Ɋ& !Xv] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**p^v ]Ɋ& !Xv^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**h_v ]Ɋ& !Xv_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**``v ]Ɋ& !Xv` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`av ]Ɋ& !Xva F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`bv ]Ɋ& !Xvb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**cv ]Ɋ& !vc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4df722ee-0b9e-4dbd-931d-df7f95106b9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=J**dv ]Ɋ& !vd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=add1a34c-f009-4c17-a072-fb4ecf2c274c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4df722ee-0b9e-4dbd-931d-df7f95106b9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(ev ]Ɋ& !Xve F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@fv ]Ɋ& !Xvf F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@gv ]Ɋ& !Xvg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8hv ]Ɋ& !Xvh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8iv ]Ɋ& !Xvi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8jv ]Ɋ& !Xvj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**kv ]Ɋ& !vk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4ff169fd-4677-4380-adb4-3f115dccc474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **l2Iv ]Ɋ& !2Ivl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e758be9f-f5cd-4ecc-89ca-92573c823967 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4ff169fd-4677-4380-adb4-3f115dccc474 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xm#Dv ]Ɋ& !X#Dvm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pn#Dv ]Ɋ& !X#Dvn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**po#Dv ]Ɋ& !X#Dvo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hp#Dv ]Ɋ& !X#Dvp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**hq#Dv ]Ɋ& !X#Dvq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**hr#Dv ]Ɋ& !X#Dvr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**s#Dv ]Ɋ&  !#Dvs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8970cda7-ef90-4e06-8910-d5bd74bacf0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tv ]Ɋ& !vt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cdc04878-a7dd-4f38-8552-6a45ca091918 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8970cda7-ef90-4e06-8910-d5bd74bacf0a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**uPuv ]Ɋ& '!XPuvu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **vPuv ]Ɋ& ?!XPuvv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**wPuv ]Ɋ& ;!XPuvw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**xPuv ]Ɋ& 3!XPuvx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **yPuv ]Ɋ& 3!XPuvy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**zPuv ]Ɋ& 5!XPuvz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0{Puv ]Ɋ& !Puv{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ca1f74d4-0cfa-4a0a-baa1-99135d0b023b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@| v ]Ɋ& ! v| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ffbdd03-cef5-471a-9696-c03cb57710f3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=ca1f74d4-0cfa-4a0a-baa1-99135d0b023b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-a95@**}0y ]Ɋ& )!X0y} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**~0y ]Ɋ& A!X0y~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**0y ]Ɋ& =!X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fe**0y ]Ɋ& 5!X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**0y ]Ɋ& 5!X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**0y ]Ɋ& 7!X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**00y ]Ɋ& !0y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62de293c-7ff8-4c04-9daf-2080414a528c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@'L0y ]Ɋ& !'L0y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e758b003-ec20-454e-aef4-fb4cc99e9764 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=62de293c-7ff8-4c04-9daf-2080414a528c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X0y ]Ɋ& !X0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h0y ]Ɋ& !X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`0y ]Ɋ& !X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`0y ]Ɋ& !X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**h0y ]Ɋ& !X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Zh**0y ]Ɋ&  !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!ov ]Ɋ& at0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk@΄V^ Mu=VysMc&&**0y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !0y F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33c80957-d14f-4368-9122-3a9bdea19612 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aa486c6c-7ca1-4e50-a28e-1f7baffc0772 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**80y ]Ɋ& !X0y F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=om8**P0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**P0y ]Ɋ& !X0y F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaP**H0y ]Ɋ& !X0y F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iptNH**H0y ]Ɋ& !X0y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTypH**H0y ]Ɋ& !X0y F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**0y ]Ɋ& !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa3d82f-9fc5-4079-8944-015f99263ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **G0y ]Ɋ& !G0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2d9a097-85e5-4206-b7c7-ccac3e589b13 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aa3d82f-9fc5-4079-8944-015f99263ec9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XG0y ]Ɋ& !XG0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulX**pG0y ]Ɋ& !XG0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={ [p**hG0y ]Ɋ& !XG0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9ch**`G0y ]Ɋ& !XG0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rS`**`G0y ]Ɋ& !XG0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`G0y ]Ɋ& !XG0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**G0y ]Ɋ& !G0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fda5db5-6b98-4edf-9f7d-5d374ca3af1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-**G0y ]Ɋ& !G0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2e1831c5-3b32-44fd-862b-b5638e2ec9f2 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fda5db5-6b98-4edf-9f7d-5d374ca3af1e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ure**(0y ]Ɋ& !X0y F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v(**@0y ]Ɋ& !X0y F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=K@**@0y ]Ɋ& !X0y F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=@**80y ]Ɋ& !X0y F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F8**80y ]Ɋ& !X0y F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam8**80y ]Ɋ& !X0y F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Gl8**0y ]Ɋ& !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=21b8c52c-6243-4153-9054-9bff382c1dfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**B0y ]Ɋ& !B0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c43746dd-9648-4f32-8527-e4c8627f6a1a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=21b8c52c-6243-4153-9054-9bff382c1dfd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tall**X0y ]Ɋ& !X0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\X**p0y ]Ɋ& !X0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\p**p0y ]Ɋ& !X0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=help**h0y ]Ɋ& !X0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ct h**h0y ]Ɋ& !X0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n';h**h0y ]Ɋ& !X0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=([h**0y ]Ɋ&  !0y F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c2bc950-9cdf-45ab-a2c5-1969276bfb3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta**S0y ]Ɋ& !S0y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bdc2caa-7022-40f7-8934-586d362d9527 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5c2bc950-9cdf-45ab-a2c5-1969276bfb3f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omma**i 0y ]Ɋ& '!Xi 0y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**i 0y ]Ɋ& ?!Xi 0y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**i 0y ]Ɋ& ;!Xi 0y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt **i 0y ]Ɋ& 3!Xi 0y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=**i 0y ]Ɋ& 3!Xi 0y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**i 0y ]Ɋ& 5!Xi 0y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0i 0y ]Ɋ& !i 0y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4df22ca9-6f4a-4210-99d1-ee09ba987eaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av0**@!0y ]Ɋ& !!0y F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=59a3473e-1a6a-4142-85b0-64981799ab96 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4df22ca9-6f4a-4210-99d1-ee09ba987eaf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w@**e1{ ]Ɋ& )!Xe1{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nter**e1{ ]Ɋ& A!Xe1{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lica**e1{ ]Ɋ& =!Xe1{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**e1{ ]Ɋ& 5!Xe1{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**e1{ ]Ɋ& 5!Xe1{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Va**e1{ ]Ɋ& 7!Xe1{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0(1{ ]Ɋ& !(1{ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38df7552-487d-4559-9f8a-811e6cec0cdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@U/3{ ]Ɋ& !U/3{ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a96476b7-0852-49b6-8470-fc33a6d33204 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=38df7552-487d-4559-9f8a-811e6cec0cdb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=baf@0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkHEӔjMu=VysMc&&**X`4{ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ;!X`4{ F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p`4{ ]Ɋ& !X`4{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h`4{ ]Ɋ& !X`4{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**``4{ ]Ɋ& !X`4{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**``4{ ]Ɋ& !X`4{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h`4{ ]Ɋ& !X`4{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h**`4{ ]Ɋ&  !`4{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3b6612-1a2c-4a63-8175-2efa10880413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0y**`4{ ]Ɋ& !`4{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e63b2fca-3156-488d-bfc3-76384493368f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd3b6612-1a2c-4a63-8175-2efa10880413 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**84{ ]Ɋ& !X4{ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P4{ ]Ɋ& !X4{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P4{ ]Ɋ& !X4{ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H4{ ]Ɋ& !X4{ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H4{ ]Ɋ& !X4{ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**H4{ ]Ɋ& !X4{ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**4{ ]Ɋ& !4{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f02aa83-3c00-4066-8e9d-a01e599f8be6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**4{ ]Ɋ& !4{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=db9d9b3d-b2c8-4568-b34c-c93875690d83 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f02aa83-3c00-4066-8e9d-a01e599f8be6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X5{ ]Ɋ& !X5{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p5{ ]Ɋ& !X5{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**h5{ ]Ɋ& !X5{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`5{ ]Ɋ& !X5{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`5{ ]Ɋ& !X5{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`5{ ]Ɋ& !X5{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**5{ ]Ɋ& !5{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d263fce3-35d6-46de-bebd-6daac58c386e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**5{ ]Ɋ& !5{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35013bc7-61d5-4d00-901d-150e8c923487 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d263fce3-35d6-46de-bebd-6daac58c386e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(6{ ]Ɋ& !X6{ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@6{ ]Ɋ& !X6{ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8@**@6{ ]Ɋ& !X6{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**86{ ]Ɋ& !X6{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**86{ ]Ɋ& !X6{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0b8**86{ ]Ɋ& !X6{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**6{ ]Ɋ& !6{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad337a1f-2a1b-45a8-b025-73891c9d2ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**s[7{ ]Ɋ& !s[7{ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60188c2e-8dd3-4fd4-9b55-8cd1e6e398d6 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ad337a1f-2a1b-45a8-b025-73891c9d2ef5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**XTQ={ ]Ɋ& !XTQ={ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pTQ={ ]Ɋ& !XTQ={ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pTQ={ ]Ɋ& !XTQ={ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hTQ={ ]Ɋ& !XTQ={ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hTQ={ ]Ɋ& !XTQ={ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hTQ={ ]Ɋ& !XTQ={ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**TQ={ ]Ɋ&  !TQ={ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cfd27b8-ffa6-4446-a896-9804c9146724 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**={ ]Ɋ& !={ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=27247966-a913-48a0-8d0a-7d208d2ffab8 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2cfd27b8-ffa6-4446-a896-9804c9146724 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **?{ ]Ɋ& '!X?{ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**?{ ]Ɋ& ?!X?{ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**?{ ]Ɋ& ;!X?{ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**?{ ]Ɋ& 3!X?{ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**?{ ]Ɋ& 3!X?{ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**?{ ]Ɋ& 5!X?{ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0?{ ]Ɋ& !?{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@@{ ]Ɋ& !@{ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8ef7dd2a-7e8b-41db-bc4a-cad62663a662 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @pelineId=  ]Ɋ& maX,@ } F&0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkhP-et-?Mu=VysMc&&**,@ } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X,@ } F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**,@ } ]Ɋ& A!X,@ } F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**,@ } ]Ɋ& =!X,@ } F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iv**,@ } ]Ɋ& 5!X,@ } F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **,@ } ]Ɋ& 5!X,@ } F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e6**,@ } ]Ɋ& 7!X,@ } F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c**0,@ } ]Ɋ& !,@ } F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334a4d57-86cf-4531-817c-890c4c254b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@Yq } ]Ɋ& !Yq } F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36e20e1f-8c3a-459b-897a-2ad9dc4f0b2b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334a4d57-86cf-4531-817c-890c4c254b22 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F@**X } ]Ɋ& !X } F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p } ]Ɋ& !X } F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!p**h } ]Ɋ& !X } F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` } ]Ɋ& !X } F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` } ]Ɋ& !X } F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h } ]Ɋ& !X } F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tarth** } ]Ɋ&  ! } F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e6f3819-5bae-4dd4-b7a4-45c676274efc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e ** } ]Ɋ& ! } F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fa021abc-8b32-4816-b226-496796961fbe HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7e6f3819-5bae-4dd4-b7a4-45c676274efc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mb**8;} ]Ɋ& !X;} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne8**P;} ]Ɋ& !X;} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=P**P;} ]Ɋ& !X;} F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtedP**H;} ]Ɋ& !X;} F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FuH**H;} ]Ɋ& !X;} F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**H;} ]Ɋ& !X;} F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={H**;} ]Ɋ& !;} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12768ff0-5a83-4614-bb2a-e502c8ad18b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**;} ]Ɋ& !;} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5b35a743-eb88-4848-a4a2-e3a69d6b37d3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=12768ff0-5a83-4614-bb2a-e502c8ad18b9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X} ]Ɋ& !X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p} ]Ɋ& !X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe= p**h} ]Ɋ& !X} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`} ]Ɋ& !X} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rt`**` } ]Ɋ& !X}  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**` } ]Ɋ& !X}  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`** } ]Ɋ& !}  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014e9916-ced3-4503-bc50-f63596bb4ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** v} ]Ɋ& !v}  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=53e13141-c854-49da-95ab-e5fc7a9de274 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=014e9916-ced3-4503-bc50-f63596bb4ff3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( v} ]Ɋ& !Xv}  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@v} ]Ɋ& !Xv} F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@v} ]Ɋ& !Xv} F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o('@**8v} ]Ɋ& !Xv} F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayV8**8v} ]Ɋ& !Xv} F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8v} ]Ɋ& !Xv} F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um8**v} ]Ɋ& !v} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b13e2e98-0093-4c70-ae1f-8054a30f69c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**} ]Ɋ& !} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e1d0b67-d984-4513-b34b-39734d394a52 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b13e2e98-0093-4c70-ae1f-8054a30f69c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= **XH} ]Ɋ& !XH} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**pH} ]Ɋ& !XH} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**pH} ]Ɋ& !XH} F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7b8p**hH} ]Ɋ& !XH} F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**hH} ]Ɋ& !XH} F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hH} ]Ɋ& !XH} F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**H} ]Ɋ&  !H} F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6935c387-f1c5-4a9f-9d89-deeac82a064e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **u} ]Ɋ& !u} F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=58987ee6-4ded-44d0-a179-5aa9523961fa HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6935c387-f1c5-4a9f-9d89-deeac82a064e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hell**} ]Ɋ& '!X} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**} ]Ɋ& ?!X} F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-db-bc4a-cad6 ]Ɋ& reX} F&ame . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=5c44e6e7-2685-4344-8f94-9c4e37bed10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @pelineId=  ]Ɋ& maX,@ } F&0772 Pipel ]Ɋ& meX`4{ F&e=ElfChnkQQ@7&Mu=VysMc&&** } ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X} F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** } ]Ɋ& 3!X}  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,@ **!} ]Ɋ& 3!X}! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9dc**"} ]Ɋ& 5!X}" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0#} ]Ɋ& !}# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f5521947-afa5-4583-be90-a0b90fe8832e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@$8} ]Ɋ& !8}$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6eacf132-780d-4a44-9912-f4abe5447398 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f5521947-afa5-4583-be90-a0b90fe8832e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Com@**%B ]Ɋ& )!XB% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **&B ]Ɋ& A!XB& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tSta**'B ]Ɋ& =!XB' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**(B ]Ɋ& 5!XB( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**)B ]Ɋ& 5!XB) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ve***B ]Ɋ& 7!XB* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**0+B ]Ɋ& !B+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2322293d-088a-4e1f-9720-db711a08432a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@,5B ]Ɋ& !5B, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ba257ed8-79c0-4c6e-af53-fd25fca72517 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2322293d-088a-4e1f-9720-db711a08432a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**X-5B ]Ɋ& !X5B- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p.5B ]Ɋ& !X5B. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h/5B ]Ɋ& !X5B/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`05B ]Ɋ& !X5B0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`15B ]Ɋ& !X5B1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h25B ]Ɋ& !X5B2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ailah**35B ]Ɋ&  !5B3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0022a73-09bb-44ed-9188-416137e365c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= New**4˵B ]Ɋ& !˵B4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=714cf3ae-6970-44c2-9483-6f74e723faf4 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a0022a73-09bb-44ed-9188-416137e365c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne**85˵B ]Ɋ& !X˵B5 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P8**P6˵B ]Ɋ& !X˵B6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SyP**P7˵B ]Ɋ& !X˵B7 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**H8˵B ]Ɋ& !X˵B8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H9˵B ]Ɋ& !X˵B9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=XH**H:˵B ]Ɋ& !X˵B: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**;˵B ]Ɋ& !˵B; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe08b247-cdec-40aa-8e60-af7fda3ba04d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<˵B ]Ɋ& !˵B< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50793e9a-3572-460d-a183-680609d8f993 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fe08b247-cdec-40aa-8e60-af7fda3ba04d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X=bNB ]Ɋ& !XbNB= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**p>bNB ]Ɋ& !XbNB> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h?bNB ]Ɋ& !XbNB? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=arh**`@bNB ]Ɋ& !XbNB@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4a`**`AbNB ]Ɋ& !XbNBA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed`**`BbNB ]Ɋ& !XbNBB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**CbNB ]Ɋ& !bNBC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1b1ebf2-e19b-4514-a3a7-c8bd426af234 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**DbNB ]Ɋ& !bNBD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=02dbf900-0c5b-4b8b-a219-5b10e45e0dbb HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1b1ebf2-e19b-4514-a3a7-c8bd426af234 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c70**(EbNB ]Ɋ& !XbNBE F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@FbNB ]Ɋ& !XbNBF F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='@**@GbNB ]Ɋ& !XbNBG F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ows@**8HbNB ]Ɋ& !XbNBH F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nso8**8IbNB ]Ɋ& !XbNBI F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8JbNB ]Ɋ& !XbNBJ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pa8**KbNB ]Ɋ& !bNBK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e5914173-f777-48ee-8ddf-ee8f57be370e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**LB ]Ɋ& !BL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9e21a62-8e31-4eda-979a-7372d777bb4a HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e5914173-f777-48ee-8ddf-ee8f57be370e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sher**XMRIB ]Ɋ& !XRIBM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pNRIB ]Ɋ& !XRIBN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**pORIB ]Ɋ& !XRIBO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insp**hPRIB ]Ɋ& !XRIBP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edoh**hQRIB ]Ɋ& !XRIBQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= hɊ& ]Ɋ& XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkRRHh6 Mu=VysMc&&**p RRIB ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XRIBR F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Xp **SRIB ]Ɋ&  !RIBS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8bb4fc1c-03dd-4c18-bb97-e323d2cf6e39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**TB ]Ɋ& !BT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40dac928-724e-4e02-8ef1-8fb8e4947de1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8bb4fc1c-03dd-4c18-bb97-e323d2cf6e39 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=atio**UB ]Ɋ& '!XBU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**VB ]Ɋ& ?!XBV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**WB ]Ɋ& ;!XBW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost**XB ]Ɋ& 3!XBX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**YB ]Ɋ& 3!XBY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t **ZB ]Ɋ& 5!XBZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0[B ]Ɋ& !B[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7ed3eaff-e0c5-4433-8da7-6ebac01ed5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=250**@\B ]Ɋ& !B\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2e837b7-bf90-490d-bf8c-9ec52aac9597 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7ed3eaff-e0c5-4433-8da7-6ebac01ed5cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**] ]Ɋ& )!X] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**^ ]Ɋ& A!X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**_ ]Ɋ& =!X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la**` ]Ɋ& 5!X` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**a ]Ɋ& 5!Xa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**b ]Ɋ& 7!Xb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**0c ]Ɋ& !c F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fb496f1-2e9f-4880-825a-d81aa4c7aef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b0**@dF ]Ɋ& !Fd F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35b6ed15-b213-46a7-9d7e-0aa57f9101a6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4fb496f1-2e9f-4880-825a-d81aa4c7aef7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xe* ]Ɋ& !X*e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pf* ]Ɋ& !X*f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hg* ]Ɋ& !X*g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`h* ]Ɋ& !X*h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`i* ]Ɋ& !X*i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hj* ]Ɋ& !X*j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vah**k* ]Ɋ&  !*k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3c47269-a5da-40da-91b0-b58a8fdfb815 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineS**l* ]Ɋ& !*l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73917410-7eb8-4471-9289-556b7394343e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3c47269-a5da-40da-91b0-b58a8fdfb815 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8m* ]Ɋ& !X*m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=am8**Pn* ]Ɋ& !X*n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PP**Po* ]Ɋ& !X*o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSyP**Hp* ]Ɋ& !X*p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH**Hq* ]Ɋ& !X*q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=BH**Hr* ]Ɋ& !X*r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**sw ]Ɋ& !ws F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73aa9228-41f1-4a87-a3c4-e51efec7a96e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**tw ]Ɋ& !wt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d90d1a32-a3e9-4715-80da-aaa0906fb965 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73aa9228-41f1-4a87-a3c4-e51efec7a96e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XuW ]Ɋ& !XWu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pvW ]Ɋ& !XWv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hwW ]Ɋ& !XWw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**`xW ]Ɋ& !XWx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ps`**`yW ]Ɋ& !XWy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`zW ]Ɋ& !XWz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q`**{W ]Ɋ& !W{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd84b10-e0a0-4b4a-9609-7b3013b0774c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**|W ]Ɋ& !W| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9aacc738-96d6-42f2-a73d-f951f4da6c82 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd84b10-e0a0-4b4a-9609-7b3013b0774c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(}W ]Ɋ& !XW} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@~W ]Ɋ& !XW~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S@**@W ]Ɋ& !XW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=etC@**8W ]Ɋ& !XW F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNa8**8W ]Ɋ& !XW F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8W ]Ɋ& !XW F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**W ]Ɋ& !W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=67a5072f-6b11-48e2-a868-cd688703da15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**A ]Ɋ& !A F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0488a7bc-3ce0-47e7-8061-a88a16b00ae1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=67a5072f-6b11-48e2-a868-cd688703da15 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== riptName=  ]Ɋ& XG  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkHe%H1RMu=VysMc&&**` G  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!XG  F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **pG  ]Ɋ& !XG  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**pG  ]Ɋ& !XG  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**hG  ]Ɋ& !XG  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**hG  ]Ɋ& !XG  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hG  ]Ɋ& !XG  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**G  ]Ɋ&  !G  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=814c300a-36fd-4d6c-b81f-8ab8420e14c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**ޣ ]Ɋ& !ޣ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61e0bac9-bc8b-4bf5-97e2-41960166bf25 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=814c300a-36fd-4d6c-b81f-8ab8420e14c2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**ޣ ]Ɋ& '!Xޣ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**ޣ ]Ɋ& ?!Xޣ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ޣ ]Ɋ& ;!Xޣ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7-9**ޣ ]Ɋ& 3!Xޣ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_**ޣ ]Ɋ& 3!Xޣ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9d7**ޣ ]Ɋ& 5!Xޣ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0ޣ ]Ɋ& !ޣ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=13703d94-ae6c-4bce-ba10-5d64a3a2df98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@  ]Ɋ& !  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e283921e-928f-4883-a1ee-0d9f3e1930d8 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=13703d94-ae6c-4bce-ba10-5d64a3a2df98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**  ]Ɋ& )!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**  ]Ɋ& A!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **  ]Ɋ& =!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**  ]Ɋ& 5!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23854537-fc2f-43b1-9e10-073085b57a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@>  ]Ɋ& !>  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2799e063-aed2-44c2-9788-df1745637d20 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=23854537-fc2f-43b1-9e10-073085b57a4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**X>  ]Ɋ& !X>  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*X**p>  ]Ɋ& !X>  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**h>  ]Ɋ& !X>  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`>  ]Ɋ& !X>  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`>  ]Ɋ& !X>  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**h>  ]Ɋ& !X>  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**>  ]Ɋ&  !>  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37a70b81-3011-4e08-9eeb-f8fb46bf3599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=71a3ffc0-8e94-4330-95f1-ef0a1bce3683 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37a70b81-3011-4e08-9eeb-f8fb46bf3599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P  ]Ɋ& !X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P  ]Ɋ& !X  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H  ]Ɋ& !X  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H  ]Ɋ& !X  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H  ]Ɋ& !X  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**Io  ]Ɋ& !Io  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e74517-e847-4a9b-82e9-cf56e7048dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **Io  ]Ɋ& !Io  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=863917d6-cb04-459e-ac36-36c17dd9760e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08e74517-e847-4a9b-82e9-cf56e7048dd0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**XIo  ]Ɋ& !XIo  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=}X**pIo  ]Ɋ& !XIo  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**hIo  ]Ɋ& !XIo  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`Io  ]Ɋ& !XIo  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`Io  ]Ɋ& !XIo  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`Io  ]Ɋ& !XIo  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Io  ]Ɋ& !Io  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=151a6a0e-35d8-4675-9ac1-0e3d9a2a5498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**  ]Ɋ& !  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=75aa9144-e9d7-4198-852d-33b739026f66 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=151a6a0e-35d8-4675-9ac1-0e3d9a2a5498 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(  ]Ɋ& !X  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@  ]Ɋ& !X  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @riptName=  ]Ɋ& X  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkP@.:5Mu=VysMc&&**@   ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!X  F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8  ]Ɋ& !X  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8  ]Ɋ& !X  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**  ]Ɋ& !  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0c0bd014-370a-4b9d-ae0f-3165f42dabcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re** 9  ]Ɋ& ! 9  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de9f7c43-9b66-4e19-84fc-4e6bddd45c7b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0c0bd014-370a-4b9d-ae0f-3165f42dabcb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xg  ]Ɋ& !Xg  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pg  ]Ɋ& !Xg  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pg  ]Ɋ& !Xg  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hg  ]Ɋ& !Xg  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hg  ]Ɋ& !Xg  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hg  ]Ɋ& !Xg  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**g  ]Ɋ&  !g  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bd93c9f-25bb-4f3e-8b02-d713628350a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**3  ]Ɋ& !3  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be5c6242-dbc0-4566-969f-60050f59e667 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2bd93c9f-25bb-4f3e-8b02-d713628350a1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**3  ]Ɋ& '!X3  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**3  ]Ɋ& ?!X3  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**3  ]Ɋ& ;!X3  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-44**3  ]Ɋ& 3!X3  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****3  ]Ɋ& 3!X3  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4c2**3  ]Ɋ& 5!X3  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0  ]Ɋ& !  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d5a7a26-248b-48b0-b452-64344591df1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@*e  ]Ɋ& !*e  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2e3a3830-3567-443f-8cb5-44e3cb7f5316 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=7d5a7a26-248b-48b0-b452-64344591df1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** qL ]Ɋ& )!X qL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co** qL ]Ɋ& A!X qL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId** qL ]Ɋ& =!X qL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr** qL ]Ɋ& 5!X qL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/** qL ]Ɋ& 5!X qL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=36** qL ]Ɋ& 7!X qL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0 qL ]Ɋ& ! qL F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f392240-c28c-4bec-a7c4-9cbf20e285b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@rL ]Ɋ& !rL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=671d2fb5-d012-4c8d-b630-0cea79973a3d HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1f392240-c28c-4bec-a7c4-9cbf20e285b7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X9&sL ]Ɋ& !X9&sL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p9&sL ]Ɋ& !X9&sL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9&sL ]Ɋ& !X9&sL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`9&sL ]Ɋ& !X9&sL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9&sL ]Ɋ& !X9&sL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h9&sL ]Ɋ& !X9&sL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**9&sL ]Ɋ&  !9&sL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e20a8ad1-768d-4221-904c-fd7e6de82fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**9&sL ]Ɋ& !9&sL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=47deed16-5703-4c13-bfef-2efa050a919a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e20a8ad1-768d-4221-904c-fd7e6de82fd8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **89&sL ]Ɋ& !X9&sL F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P9&sL ]Ɋ& !X9&sL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P9&sL ]Ɋ& !X9&sL F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H9&sL ]Ɋ& !X9&sL F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H9&sL ]Ɋ& !X9&sL F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H9&sL ]Ɋ& !X9&sL F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**9&sL ]Ɋ& !9&sL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ca89f6-e03b-41cf-a0ee-ffd8867a37e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**ϾsL ]Ɋ& !ϾsL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5edd63a1-d839-4607-8617-a08e7050b1b4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=17ca89f6-e03b-41cf-a0ee-ffd8867a37e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XϾsL ]Ɋ& !XϾsL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pϾsL ]Ɋ& !XϾsL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**hϾsL ]Ɋ& !XϾsL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  XϾsL F&CommandPath= CommandLine= @riptName=  ]Ɋ& X  F&XRIBR F&]Ɋ& meX`4{ F&e=ElfChnkX0j[ymMu=VysMc&&**hϾsL ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!XϾsL F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`ϾsL ]Ɋ& !XϾsL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`ϾsL ]Ɋ& !XϾsL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**ϾsL ]Ɋ& !ϾsL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=322992da-a8d5-43d8-b26a-82f6d0fda7ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ϾsL ]Ɋ& !ϾsL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b82d2d45-5aea-4b0e-97ad-40ee5bd24acf HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=322992da-a8d5-43d8-b26a-82f6d0fda7ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(fWtL ]Ɋ& !XfWtL F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@fWtL ]Ɋ& !XfWtL F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@fWtL ]Ɋ& !XfWtL F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8fWtL ]Ɋ& !XfWtL F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8fWtL ]Ɋ& !XfWtL F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8fWtL ]Ɋ& !XfWtL F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**fWtL ]Ɋ& !fWtL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7300057c-7e2c-47e1-a4b7-a19e06da3ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**tL ]Ɋ& !tL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1c964786-2672-4e6c-ba1d-8ebc9ed68e02 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7300057c-7e2c-47e1-a4b7-a19e06da3ae9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X)!vL ]Ɋ& !X)!vL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p)!vL ]Ɋ& !X)!vL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p)!vL ]Ɋ& !X)!vL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h)!vL ]Ɋ& !X)!vL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h)!vL ]Ɋ& !X)!vL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h)!vL ]Ɋ& !X)!vL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2eh**)!vL ]Ɋ&  !)!vL F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2500f9bf-f7cb-485e-a063-139ed181442a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **vL ]Ɋ& !vL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=deae8f9d-975d-4a0f-ba50-41a0012f210f HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2500f9bf-f7cb-485e-a063-139ed181442a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**vL ]Ɋ& '!XvL F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**vL ]Ɋ& ?!XvL F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**vL ]Ɋ& ;!XvL F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**vL ]Ɋ& 3!XvL F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**vL ]Ɋ& 3!XvL F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**vL ]Ɋ& 5!XvL F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0vL ]Ɋ& !vL F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=669ae80e-94ad-44e2-afd0-94de0f537361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=280**@wL ]Ɋ& !wL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96563249-9475-4043-a980-12eed79e59b7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=669ae80e-94ad-44e2-afd0-94de0f537361 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**  ]Ɋ& 5!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**  ]Ɋ& 7!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0  ]Ɋ& !  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4895ba82-e9a9-42ff-9311-fa213a0a82df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@  ]Ɋ& !  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e0456fd-bd85-4940-818e-44070542a0e1 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4895ba82-e9a9-42ff-9311-fa213a0a82df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==47@**X  ]Ɋ& !X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=050bh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c553e6f0-abc5-4c13-a536-115fc6d93031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2d0f8fe8-9267-4e01-ac4d-5ee5a513f291 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c553e6f0-abc5-4c13-a536-115fc6d93031 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8Gz ]Ɋ& !XGz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**PGz ]Ɋ& !XGz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**PGz ]Ɋ& !XGz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d24aP**HGz ]Ɋ& !XGz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FH]Ɋ& ]Ɋ& {XGz ElfChnkIIH'YϢt4Mu=VysMc&&**HGz ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!XGz F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**HGz ]Ɋ& !XGz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**Gz ]Ɋ& !Gz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd0468bf-77db-4b89-ad85-d95a0a8168ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Gz ]Ɋ& !Gz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=13448b63-8fc6-4f20-a887-cebe64a92928 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fd0468bf-77db-4b89-ad85-d95a0a8168ce PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XGz ]Ɋ& !XGz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pGz ]Ɋ& !XGz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hGz ]Ɋ& !XGz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**` Gz ]Ɋ& !XGz  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`!Gz ]Ɋ& !XGz! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`"Gz ]Ɋ& !XGz" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**#Gz ]Ɋ& !Gz# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2266d6f5-58a2-4b8a-b78a-ca0fb8a9acb7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**$Gz ]Ɋ& !Gz$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f11600e-510a-4e33-9562-f30ffc8d5e8c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2266d6f5-58a2-4b8a-b78a-ca0fb8a9acb7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(% ]Ɋ& !X% F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@& ]Ɋ& !X& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@' ]Ɋ& !X' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8( ]Ɋ& !X( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8) ]Ɋ& !X) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8* ]Ɋ& !X* F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aae93c22-ed05-4424-848b-7b451b6eb5b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **,t ]Ɋ& !t, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b7ea44b-ce1a-4051-a9c3-46a4b4cc46a4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=aae93c22-ed05-4424-848b-7b451b6eb5b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p. ]Ɋ& !X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p/ ]Ɋ& !X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**h0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h1 ]Ɋ& !X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h2 ]Ɋ& !X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath**3 ]Ɋ&  !3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=113fde8e-fa33-4ecc-a316-70bb649a3f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**47u ]Ɋ& !7u4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a2a2cf7-04c7-42c8-beef-95b140838502 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=113fde8e-fa33-4ecc-a316-70bb649a3f43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=**57u ]Ɋ& '!X7u5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **67u ]Ɋ& ?!X7u6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**77u ]Ɋ& ;!X7u7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**87u ]Ɋ& 3!X7u8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **97u ]Ɋ& 3!X7u9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**:7u ]Ɋ& 5!X7u: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0;7u ]Ɋ& !7u; F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a279cfe6-0bed-4966-9fe3-95a79f218827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@<d  ]Ɋ& !d < F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9274cbb4-89ca-4f2c-a919-27f85f8cbb92 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=a279cfe6-0bed-4966-9fe3-95a79f218827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-fa2@**= ]Ɋ& )!X= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**> ]Ɋ& A!X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**? ]Ɋ& =!X? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5e**@ ]Ɋ& 5!X@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**A ]Ɋ& 5!XA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**B ]Ɋ& 7!XB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0C+ ]Ɋ& !+C F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a77d7fb9-1086-4349-ab77-08b7cacd8920 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@DJ ]Ɋ& !JD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4789c81f-951e-4d37-8a95-8135ce8ae231 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a77d7fb9-1086-4349-ab77-08b7cacd8920 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XEJ ]Ɋ& !XJE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pFJ ]Ɋ& !XJF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hGJ ]Ɋ& !XJG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`HJ ]Ɋ& !XJH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`IJ ]Ɋ& !XJI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==` FH] ]Ɋ& XJJ F& ElfChnkJzJzRHׂMu=VysMc&&**hJJ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!XJJ F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**KJ ]Ɋ&  !JK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28dc584-2b65-4727-8196-2cc1100d6804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**LX ]Ɋ& !XL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3c92469-21f1-405f-83c2-1b31ce03566f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a28dc584-2b65-4727-8196-2cc1100d6804 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8MX ]Ɋ& !XXM F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PNX ]Ɋ& !XXN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**POX ]Ɋ& !XXO F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HPX ]Ɋ& !XXP F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**HQX ]Ɋ& !XXQ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**HRX ]Ɋ& !XXR F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**SX ]Ɋ& !XS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2b71fed-3d41-4616-be8f-f73d8f0819cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**TX ]Ɋ& !XT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7d4fdec8-dd5c-46a9-bf04-41db6430b835 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2b71fed-3d41-4616-be8f-f73d8f0819cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**XU{ ]Ɋ& !X{U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**pV{ ]Ɋ& !X{V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**hW{ ]Ɋ& !X{W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`X{ ]Ɋ& !X{X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`Y{ ]Ɋ& !X{Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`Z{ ]Ɋ& !X{Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**[{ ]Ɋ& !{[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cebdeaa-8b5f-4f6d-9168-05639334dfaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\{ ]Ɋ& !{\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7cf1e574-dc55-408e-a298-b62e330935fd HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7cebdeaa-8b5f-4f6d-9168-05639334dfaa PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(]{ ]Ɋ& !X{] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@^{ ]Ɋ& !X{^ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@_{ ]Ɋ& !X{_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**8`{ ]Ɋ& !X{` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8a{ ]Ɋ& !X{a F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8b{ ]Ɋ& !X{b F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**c{ ]Ɋ& !{c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7738125a-aac1-4553-9d5f-4bcb6ab58e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3a918e5b-f6c2-41c4-bc35-eae1d04f78b1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7738125a-aac1-4553-9d5f-4bcb6ab58e67 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**XeE ]Ɋ& !XEe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**pfE ]Ɋ& !XEf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pgE ]Ɋ& !XEg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**hhE ]Ɋ& !XEh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hiE ]Ɋ& !XEi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hjE ]Ɋ& !XEj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**kE ]Ɋ&  !Ek F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=407bef99-904a-4516-be07-3cde7dac49e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lI ]Ɋ& !Il F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d896246-7fb1-4bf7-8e45-f97c5250bfb6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=407bef99-904a-4516-be07-3cde7dac49e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**mI ]Ɋ& '!XIm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**nI ]Ɋ& ?!XIn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**oI ]Ɋ& ;!XIo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**pI ]Ɋ& 3!XIp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **qI ]Ɋ& 3!XIq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**rI ]Ɋ& 5!XIr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0sv ]Ɋ& !vs F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4653fec2-b103-4038-8c44-7a322f70c493 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@tv ]Ɋ& !vt F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e96c307-c2f0-4146-ac48-32885e88bdff HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=4653fec2-b103-4038-8c44-7a322f70c493 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d892@**u[_ ]Ɋ& )!X[_u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**v[_ ]Ɋ& A!X[_v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**w[_ ]Ɋ& =!X[_w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**x[_ ]Ɋ& 5!X[_x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**y[_ ]Ɋ& 5!X[_y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk{{;\zMu=VysMc&&**8{[_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![_{ F&F%g>9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=313654b4-8fa3-4feb-b8f4-7006e2e031ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@| _ ]Ɋ& ! _| F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=313654b4-8fa3-4feb-b8f4-7006e2e031ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**X}%!_ ]Ɋ& !X%!_} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**p~%!_ ]Ɋ& !X%!_~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**h%!_ ]Ɋ& !X%!_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`%!_ ]Ɋ& !X%!_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`%!_ ]Ɋ& !X%!_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**h%!_ ]Ɋ& !X%!_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**%!_ ]Ɋ&  !%!_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd1c3cd0-5b6e-4e80-9bdc-d750056b5182 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**%!_ ]Ɋ& !%!_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb12fa45-4ceb-4741-97bf-eefddb829826 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd1c3cd0-5b6e-4e80-9bdc-d750056b5182 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8.!_ ]Ɋ& !X.!_ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P.!_ ]Ɋ& !X.!_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P.!_ ]Ɋ& !X.!_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H.!_ ]Ɋ& !X.!_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**H.!_ ]Ɋ& !X.!_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**H.!_ ]Ɋ& !X.!_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**.!_ ]Ɋ& !.!_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f4469cc-3af6-496e-8ad6-7a97f1904b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**.!_ ]Ɋ& !.!_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a410047-e12a-4e6f-b4fb-202767c308e6 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f4469cc-3af6-496e-8ad6-7a97f1904b32 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XV"_ ]Ɋ& !XV"_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==7ceX**pV"_ ]Ɋ& !XV"_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hV"_ ]Ɋ& !XV"_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`V"_ ]Ɋ& !XV"_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`V"_ ]Ɋ& !XV"_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`V"_ ]Ɋ& !XV"_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**V"_ ]Ɋ& !V"_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef85f49a-78c3-46c7-befc-d90cad000e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**V"_ ]Ɋ& !V"_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfa1f66f-e90d-4a8f-9333-76fcbbda63e4 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef85f49a-78c3-46c7-befc-d90cad000e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(V"_ ]Ɋ& !XV"_ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@V"_ ]Ɋ& !XV"_ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@V"_ ]Ɋ& !XV"_ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8V"_ ]Ɋ& !XV"_ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8V"_ ]Ɋ& !XV"_ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8V"_ ]Ɋ& !XV"_ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**V"_ ]Ɋ& !V"_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f2a7f0d4-81d5-4fd1-85f3-a391236654ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**["_ ]Ɋ& !["_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d768b17f-57bd-40f2-b3ca-9c829e671ee2 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f2a7f0d4-81d5-4fd1-85f3-a391236654ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**XQ%_ ]Ɋ& !XQ%_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pQ%_ ]Ɋ& !XQ%_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pQ%_ ]Ɋ& !XQ%_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hQ%_ ]Ɋ& !XQ%_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hQ%_ ]Ɋ& !XQ%_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hQ%_ ]Ɋ& !XQ%_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**Q%_ ]Ɋ&  !Q%_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4441b995-7282-4a2c-9298-7f9ff2d4d728 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**K%_ ]Ɋ& !K%_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4d6947cd-3370-4060-91d8-4e5c8d117269 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4441b995-7282-4a2c-9298-7f9ff2d4d728 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**&_ ]Ɋ& '!X&_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**&_ ]Ɋ& ?!X&_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& ;!X&_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& 3!X&_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**&_ ]Ɋ& 3!X&_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&_ ]Ɋ& 5!X&_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35&_ F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHB~q%ܴMu=VysMc&&**8 &_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !&_ F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=88a0bd75-2549-48f4-bcf1-5b17b4341d7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-48 **@x'_ ]Ɋ& !x'_ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b682fbd3-ccc3-4f83-ad84-788aab55c3d0 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=88a0bd75-2549-48f4-bcf1-5b17b4341d7a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**)h ]Ɋ& )!X)h F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**)h ]Ɋ& A!X)h F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **)h ]Ɋ& =!X)h F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **)h ]Ɋ& 5!X)h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**)h ]Ɋ& 5!X)h F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**)h ]Ɋ& 7!X)h F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0)h ]Ɋ& !)h F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=784bad4e-1bdc-4277-a0ae-b968129606cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@V)j ]Ɋ& !V)j F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f918d7ee-d0fc-484a-b805-f95cae8cbe62 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=784bad4e-1bdc-4277-a0ae-b968129606cf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XV)j ]Ɋ& !XV)j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pV)j ]Ɋ& !XV)j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hV)j ]Ɋ& !XV)j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`V)j ]Ɋ& !XV)j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`V)j ]Ɋ& !XV)j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hV)j ]Ɋ& !XV)j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!_h**V)j ]Ɋ&  !V)j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bfd4aa86-a1b6-44b3-8788-7177c45780a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**j ]Ɋ& !j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f327f24e-b4b8-43d5-a5ae-960209d236ba HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bfd4aa86-a1b6-44b3-8788-7177c45780a2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8j ]Ɋ& !Xj F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pj ]Ɋ& !Xj F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pj ]Ɋ& !Xj F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**Hj ]Ɋ& !Xj F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hj ]Ɋ& !Xj F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hj ]Ɋ& !Xj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**j ]Ɋ& !j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4799bd7f-1480-4977-992b-24356268a635 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**j ]Ɋ& !j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57a9175d-b271-41ba-88f2-13a82d64e8a2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4799bd7f-1480-4977-992b-24356268a635 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Xj ]Ɋ& !Xj F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pj ]Ɋ& !Xj F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hj ]Ɋ& !Xj F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`j ]Ɋ& !Xj F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b1`**`j ]Ɋ& !Xj F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`j ]Ɋ& !Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**j ]Ɋ& !j F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cb05290-6bd4-4038-96f8-193f33c24a1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**Zk ]Ɋ& !Zk F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e30588e0-4648-41ab-8c9c-efb3dc715938 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cb05290-6bd4-4038-96f8-193f33c24a1b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(Zk ]Ɋ& !XZk F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@Zk ]Ɋ& !XZk F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@Zk ]Ɋ& !XZk F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8Zk ]Ɋ& !XZk F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8Zk ]Ɋ& !XZk F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8Zk ]Ɋ& !XZk F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**Zk ]Ɋ& !Zk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d927250-1c28-44c9-b5a0-48bbf3d15827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**k ]Ɋ& !k F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f027af5-739a-4ecd-82bc-5c509182f7c5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9d927250-1c28-44c9-b5a0-48bbf3d15827 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**XF$m ]Ɋ& !XF$m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**pF$m ]Ɋ& !XF$m F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pF$m ]Ɋ& !XF$m F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**hF$m ]Ɋ& !XF$m F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**hF$m ]Ɋ& !XF$m F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**hF$m ]Ɋ& !XF$m F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**F$m ]Ɋ&  !F$m F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e69d844-c944-4048-8f21-11b9e4b12861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**ݼm ]Ɋ& !ݼm F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=106a90fa-3552-4954-b566-4b07c19365b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5e69d844-c944-4048-8f21-11b9e4b12861 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35&_ ]Ɋ&  CXݼm F&ommandPath= CommandLine=wP**z[_ ]Ɋ& 7!X[_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=92d6241f-41d1-4c7d-be75-d21018c26fb7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(gMu=VysMc&&** ݼm ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xݼm F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ݼm ]Ɋ& ?!Xݼm F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**ݼm ]Ɋ& ;!Xݼm F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **ݼm ]Ɋ& 3!Xݼm F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**ݼm ]Ɋ& 3!Xݼm F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**ݼm ]Ɋ& 5!Xݼm F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0ݼm ]Ɋ& !ݼm F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=701add35-63fd-47c8-97e0-dc3b5c4a9d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@ n ]Ɋ& ! n F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72008b1a-cecd-433a-949c-5696dd022ffe HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=701add35-63fd-47c8-97e0-dc3b5c4a9d5c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @** & ]Ɋ& )!X & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc** & ]Ɋ& A!X & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta** & ]Ɋ& =!X & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d5** & ]Ɋ& 5!X & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho** & ]Ɋ& 5!X & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** & ]Ɋ& 7!X & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0S & ]Ɋ& !S & F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf559708-addb-4cd4-89ab-6a82e7da7195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@2 & ]Ɋ& !2 & F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f51a9ba-7dd5-4949-95c0-e038bb1ca0e6 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cf559708-addb-4cd4-89ab-6a82e7da7195 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X2 & ]Ɋ& !X2 & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p2 & ]Ɋ& !X2 & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h2 & ]Ɋ& !X2 & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`2 & ]Ɋ& !X2 & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`2 & ]Ɋ& !X2 & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h2 & ]Ɋ& !X2 & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=jh** & ]Ɋ&  ! & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca89650-cefd-4609-8496-c9fcd043d76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** & ]Ɋ& ! & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6104f136-3a0f-4964-b4ba-d86f638a4d00 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7ca89650-cefd-4609-8496-c9fcd043d76a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8 & ]Ɋ& !X & F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P & ]Ɋ& !X & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=jP**P & ]Ɋ& !X & F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H & ]Ɋ& !X & F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H & ]Ɋ& !X & F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H & ]Ɋ& !X & F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH** & ]Ɋ& ! & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=749ad1e8-d1b5-4851-aec5-b8c0e948ecda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ** & ]Ɋ& ! & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=81dab1a8-43cc-4745-8b6c-43356643ebbf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=749ad1e8-d1b5-4851-aec5-b8c0e948ecda PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xd & ]Ɋ& !Xd & F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**pd & ]Ɋ& !Xd & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**hd & ]Ɋ& !Xd & F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**`d & ]Ɋ& !Xd & F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`d & ]Ɋ& !Xd & F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`d & ]Ɋ& !Xd & F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**d & ]Ɋ& !d & F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0e89817-6852-404f-b374-fb709292618d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R**d & ]Ɋ& !d & F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7bc8ead-1e3f-450d-971f-860cdca63d43 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f0e89817-6852-404f-b374-fb709292618d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**( & ]Ɋ& !X & F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@ & ]Ɋ& !X & F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@ & ]Ɋ& !X & F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b07@**8 & ]Ɋ& !X & F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8 & ]Ɋ& !X &  F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8 & ]Ɋ& !X &  F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8** & ]Ɋ& ! &  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8200226e-a336-4524-b590-c8ab8abcb76c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al** C & ]Ɋ& !C &  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb501ee2-a795-4320-8d34-d040c5ea81ec HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8200226e-a336-4524-b590-c8ab8abcb76c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**X & ]Ɋ& !X&  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**p& ]Ɋ& !X& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p& ]Ɋ& !X& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& 5-X& F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkBBy40Mu=VysMc&&**h & ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X& F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h& ]Ɋ& !X& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**h& ]Ɋ& !X& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**& ]Ɋ&  !& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb085428-ba3c-451c-83d7-c664db5f1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**& ]Ɋ& !& F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=74476a9e-15eb-4855-8956-cd982397f18c HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cb085428-ba3c-451c-83d7-c664db5f1c2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**4& ]Ɋ& '!X4& F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**4& ]Ɋ& ?!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**4& ]Ɋ& ;!X4& F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**4& ]Ɋ& 3!X4& F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4& ]Ɋ& 3!X4& F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**4& ]Ɋ& 5!X4& F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**04& ]Ɋ& !4& F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e97f9f31-8b69-484a-ab60-cfb1c6b7b047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@(& ]Ɋ& !(& F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e52ec5c-5473-4b26-8291-27c6ec948543 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e97f9f31-8b69-484a-ab60-cfb1c6b7b047 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**GSr ]Ɋ& )!XGSr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**GSr ]Ɋ& A!XGSr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**GSr ]Ɋ& =!XGSr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mm** GSr ]Ɋ& 5!XGSr  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g **!GSr ]Ɋ& 5!XGSr! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na**"GSr ]Ɋ& 7!XGSr" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**0#r ]Ɋ& !r# F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85da2ece-5a92-4778-be50-5021d913ae97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f0**@$tr ]Ɋ& !tr$ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ec2f2cd9-1c77-42c4-8864-ddc38cdfd098 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=85da2ece-5a92-4778-be50-5021d913ae97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C@**X% r ]Ɋ& !X r% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artX**p& r ]Ɋ& !X r& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceNp**h' r ]Ɋ& !X r' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`( r ]Ɋ& !X r( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**`) r ]Ɋ& !X r) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s`**h* r ]Ɋ& !X r* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 h**+ r ]Ɋ&  ! r+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20722ce5-4b89-45a1-9e89-e3a78fc922b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ppli**, r ]Ɋ& ! r, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=eba8988a-5bd2-41e2-8346-3eb2ad3a02fb HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=20722ce5-4b89-45a1-9e89-e3a78fc922b1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**8- r ]Ɋ& !X r- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-8**P. r ]Ɋ& !X r. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=adP**P/ r ]Ɋ& !X r/ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HP**H0 r ]Ɋ& !X r0 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tVerH**H1 r ]Ɋ& !X r1 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leHoH**H2 r ]Ɋ& !X r2 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stNH**3r ]Ɋ& !r3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=defe939f-06fb-4d8d-9dfe-dfae3f712200 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsi**4r ]Ɋ& !r4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8e032076-07e0-45dc-a8a7-0e73f7add3c1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=defe939f-06fb-4d8d-9dfe-dfae3f712200 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**X5r ]Ɋ& !Xr5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SX**p6r ]Ɋ& !Xr6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h7r ]Ɋ& !Xr7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**`8r ]Ɋ& !Xr8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`9r ]Ɋ& !Xr9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll`**`:r ]Ɋ& !Xr: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**;r ]Ɋ& !r; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4b1caa6-3ad3-43e1-a0f3-2a12bbd8edcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**<7Nr ]Ɋ& !7Nr< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7417f65b-fd6b-4bab-b0e2-5fe014918cab HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4b1caa6-3ad3-43e1-a0f3-2a12bbd8edcd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uen**(=7Nr ]Ɋ& !X7Nr= F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t(**@>7Nr ]Ɋ& !X7Nr> F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?7Nr ]Ɋ& !X7Nr? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**8@7Nr ]Ɋ& !X7Nr@ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liz8**8A7Nr ]Ɋ& !X7NrA F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nin8**8B7Nr ]Ɋ& !X7NrB F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8F& ElfChnkCtCt@s/BMu=VysMc&&** C7Nr ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! m!7NrC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1cfdf800-d65f-448b-82e6-95b6aed44296 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sio **Dr ]Ɋ& !rD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6a66be4d-271f-4b37-a935-cc1a6fff84d5 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1cfdf800-d65f-448b-82e6-95b6aed44296 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izat**XE(Ir ]Ɋ& !X(IrE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pF(Ir ]Ɋ& !X(IrF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bp**pG(Ir ]Ɋ& !X(IrG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=opep**hH(Ir ]Ɋ& !X(IrH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ltuh**hI(Ir ]Ɋ& !X(IrI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hJ(Ir ]Ɋ& !X(IrJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Idh**K(Ir ]Ɋ&  !(IrK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da3177d-eb93-4b40-82fd-8a30624ef594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**Lr ]Ɋ& !rL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72d88fe5-bcb2-4973-b0b9-fb48b5256967 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0da3177d-eb93-4b40-82fd-8a30624ef594 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**MUzr ]Ɋ& '!XUzrM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**NUzr ]Ɋ& ?!XUzrN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**OUzr ]Ɋ& ;!XUzrO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**PUzr ]Ɋ& 3!XUzrP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**QUzr ]Ɋ& 3!XUzrQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**RUzr ]Ɋ& 5!XUzrR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0SUzr ]Ɋ& !UzrS F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836c5ea2-fe0d-48ce-a8f7-3b40274ec375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=la0**@Tr ]Ɋ& !rT F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca72e558-42c6-4db2-8396-067995ff203b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=836c5ea2-fe0d-48ce-a8f7-3b40274ec375 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng -@**Uԗ ]Ɋ& )!XԗU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**Vԗ ]Ɋ& A!XԗV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e2-8**Wԗ ]Ɋ& =!XԗW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Xԗ ]Ɋ& 5!XԗX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Yԗ ]Ɋ& 5!XԗY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Zԗ ]Ɋ& 7!XԗZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**0[~jԗ ]Ɋ& !~jԗ[ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=364fe978-b9ef-4d17-8340-dc581ddc60f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@\ԗ ]Ɋ& !ԗ\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=50bf2e34-3a6d-4859-9ac1-a5c604cf8a95 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=364fe978-b9ef-4d17-8340-dc581ddc60f1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pel@**X]ԗ ]Ɋ& !Xԗ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RX**p^ԗ ]Ɋ& !Xԗ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersp**h_ԗ ]Ɋ& !Xԗ_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ph**``ԗ ]Ɋ& !Xԗ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**`aԗ ]Ɋ& !Xԗa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hbԗ ]Ɋ& !Xԗb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**cԗ ]Ɋ&  !ԗc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc8df50f-a7fa-42cd-8fc8-90a8aff1b5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Line**dԗ ]Ɋ& !ԗd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cfb36169-1fbf-4712-a10a-616db3102264 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=fc8df50f-a7fa-42cd-8fc8-90a8aff1b5cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8eԗ ]Ɋ& !Xԗe F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt8**Pfԗ ]Ɋ& !Xԗf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipP**Pgԗ ]Ɋ& !Xԗg F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CommP**Hhԗ ]Ɋ& !Xԗh F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**Hiԗ ]Ɋ& !Xԗi F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= PipH**Hjԗ ]Ɋ& !Xԗj F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspH**kA4ԗ ]Ɋ& !A4ԗk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=978522ae-cbf2-49c7-97a0-d81383ed4859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**lA4ԗ ]Ɋ& !A4ԗl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=54895602-09de-4da2-a217-5e41d0b17830 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=978522ae-cbf2-49c7-97a0-d81383ed4859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**XmA4ԗ ]Ɋ& !XA4ԗm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIdX**pnA4ԗ ]Ɋ& !XA4ԗn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obalp**hoA4ԗ ]Ɋ& !XA4ԗo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=x h**`pA4ԗ ]Ɋ& !XA4ԗp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`qA4ԗ ]Ɋ& !XA4ԗq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`rA4ԗ ]Ɋ& !XA4ԗr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**sA4ԗ ]Ɋ& !A4ԗs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca76f9d2-7bfe-48df-a663-d42999b35c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**tA4ԗ ]Ɋ& !A4ԗt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c67febe3-e1d3-4c1b-9ce9-3d5e451d0ca3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ca76f9d2-7bfe-48df-a663-d42999b35c61 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= EnneVersion=  ]Ɋ& maXԗu F&ndPath= CommandLine=8F& ElfChnkuuy"Mu=VysMc&&**0 uԗ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xԗu F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0 **@vԗ ]Ɋ& !Xԗv F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P@**@wԗ ]Ɋ& !Xԗw F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lue@**8xԗ ]Ɋ& !Xԗx F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndo8**8yԗ ]Ɋ& !Xԗy F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7 8**8zԗ ]Ɋ& !Xԗz F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er8**{ԗ ]Ɋ& !ԗ{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=994a7cd5-57f2-4fc1-bbc7-d4a9caf4f224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(I**|neԗ ]Ɋ& !neԗ| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b26bf446-f5af-49ce-a2ca-8fa4128df5b9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=994a7cd5-57f2-4fc1-bbc7-d4a9caf4f224 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **X}ԗ ]Ɋ& !Xԗ} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pX**p~ԗ ]Ɋ& !Xԗ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**pԗ ]Ɋ& !Xԗ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rinp**hԗ ]Ɋ& !Xԗ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hԗ ]Ɋ& !Xԗ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipth**hԗ ]Ɋ& !Xԗ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**ԗ ]Ɋ&  !ԗ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc8a8683-e006-4e4e-a281-ce06ed7d6163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eg**_`ԗ ]Ɋ& !_`ԗ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cbfdf4fe-2912-423c-993f-b974db1fb129 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bc8a8683-e006-4e4e-a281-ce06ed7d6163 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558-**ԗ ]Ɋ& '!Xԗ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**ԗ ]Ɋ& ?!Xԗ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**ԗ ]Ɋ& ;!Xԗ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **ԗ ]Ɋ& 3!Xԗ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**ԗ ]Ɋ& 3!Xԗ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ԗ ]Ɋ& 5!Xԗ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0ԗ ]Ɋ& !ԗ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c5b61d2d-ae8d-444b-858e-a8041f287531 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=si0**@ԗ ]Ɋ& !ԗ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30ff434f-5f80-4eca-a145-05ca24f10f6d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c5b61d2d-ae8d-444b-858e-a8041f287531 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**Բ8 ]Ɋ& )!XԲ8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**Բ8 ]Ɋ& A!XԲ8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**Բ8 ]Ɋ& =!XԲ8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mI**Բ8 ]Ɋ& 5!XԲ8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1**Բ8 ]Ɋ& 5!XԲ8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**Բ8 ]Ɋ& 7!XԲ8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**0m8 ]Ɋ& !m8 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2192275f-de37-4079-ad3e-71ce0922a0ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@*8 ]Ɋ& !*8 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d092f789-16c3-4a87-acfc-0f53bf10b137 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2192275f-de37-4079-ad3e-71ce0922a0ec PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**XW78 ]Ɋ& !XW78 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= X**pW78 ]Ɋ& !XW78 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fp**hW78 ]Ɋ& !XW78 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`W78 ]Ɋ& !XW78 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`W78 ]Ɋ& !XW78 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hW78 ]Ɋ& !XW78 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**W78 ]Ɋ&  !W78 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fac4790-47fa-48b6-a301-4e1bc2ae7c1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=None**W78 ]Ɋ& !W78 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=36794874-a571-47cd-ab59-8fa3b267d871 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fac4790-47fa-48b6-a301-4e1bc2ae7c1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**8ϵ8 ]Ɋ& !Xϵ8 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m8**Pϵ8 ]Ɋ& !Xϵ8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pϵ8 ]Ɋ& !Xϵ8 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hϵ8 ]Ɋ& !Xϵ8 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hϵ8 ]Ɋ& !Xϵ8 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hϵ8 ]Ɋ& !Xϵ8 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**ϵ8 ]Ɋ& !ϵ8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dfc1616-17cc-4814-ab9f-ecfe5be46038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ϵ8 ]Ɋ& !ϵ8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8bd3dec-b364-4a07-859e-e85252bb8103 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8dfc1616-17cc-4814-ab9f-ecfe5be46038 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xh8 ]Ɋ& !Xh8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mandXne= En ]Ɋ& Xh8 F& F&ndPath= CommandLine=8F& ElfChnk@҈ |HMu=VysMc&&**ph8 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!Xh8 F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**hh8 ]Ɋ& !Xh8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`h8 ]Ɋ& !Xh8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`h8 ]Ɋ& !Xh8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f4`**`h8 ]Ɋ& !Xh8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**h8 ]Ɋ& !h8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dad36920-ca39-41cf-bb59-0a59511ebb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**h8 ]Ɋ& !h8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c4837e7f-d7f7-4de8-a9c2-f7c454b1969a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dad36920-ca39-41cf-bb59-0a59511ebb30 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine={**(h8 ]Ɋ& !Xh8 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@h8 ]Ɋ& !Xh8 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@h8 ]Ɋ& !Xh8 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8h8 ]Ɋ& !Xh8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8h8 ]Ɋ& !Xh8 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8h8 ]Ɋ& !Xh8 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**8 ]Ɋ& !8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ed8cf129-39d7-4d8d-994c-40c35292b890 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**8 ]Ɋ& !8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ea3dd353-c651-499b-a156-b45b0bb31adf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ed8cf129-39d7-4d8d-994c-40c35292b890 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**X 8 ]Ɋ& !X 8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p 8 ]Ɋ& !X 8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cp**p 8 ]Ɋ& !X 8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h 8 ]Ɋ& !X 8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h 8 ]Ɋ& !X 8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h 8 ]Ɋ& !X 8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** 8 ]Ɋ&  ! 8 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09bb54b1-1377-42f8-a66d-46e9661d0e49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8 ]Ɋ& !8 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=40d94209-4bb8-4033-a99d-b64d39a0d4cc HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=09bb54b1-1377-42f8-a66d-46e9661d0e49 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4ec**8 ]Ɋ& '!X8 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**8 ]Ɋ& ?!X8 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**8 ]Ɋ& ;!X8 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**8 ]Ɋ& 3!X8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**8 ]Ɋ& 3!X8 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**8 ]Ɋ& 5!X8 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **08 ]Ɋ& !8 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a8d0a93-d072-46b9-856e-2a6b7d1700bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Ż8 ]Ɋ& !Ż8 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f82168e9-8046-4323-9320-ae6654c02540 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8a8d0a93-d072-46b9-856e-2a6b7d1700bb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**4< ]Ɋ& )!X4< F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**4< ]Ɋ& A!X4< F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**4< ]Ɋ& =!X4< F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **4< ]Ɋ& 5!X4< F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd**4< ]Ɋ& 5!X4< F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**4< ]Ɋ& 7!X4< F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**04< ]Ɋ& !4< F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8cb28ca-db15-44bc-963f-f3392bb9f81a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@am ]Ɋ& !am F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0cf27827-5bea-46bd-9e68-954a2149ec9b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d8cb28ca-db15-44bc-963f-f3392bb9f81a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c37e4ae2-26ed-4e06-bc7a-31d4012599c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c766d527-5a1b-41e8-a8f8-efdd5ff9cf1c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c37e4ae2-26ed-4e06-bc7a-31d4012599c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8 ]Ɋ& !X F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF& F&ndPath= CommandLine=8F& ElfChnk #Mu=VysMc&&**P ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!X F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c54e17-2c9d-43d0-b7e2-186052361494 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=247a7a48-5f28-4ce7-8d4d-8927ab7f241e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a8c54e17-2c9d-43d0-b7e2-186052361494 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0b`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d47df70-3ad9-49ef-832b-b7f19f3f0441 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=38502e2d-908a-4890-94c5-9c867a1c5ff3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=5d47df70-3ad9-49ef-832b-b7f19f3f0441 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**($7 ]Ɋ& !X$7 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@$7 ]Ɋ& !X$7 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@$7 ]Ɋ& !X$7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8$7 ]Ɋ& !X$7 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8$7 ]Ɋ& !X$7 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8$7 ]Ɋ& !X$7 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**$7 ]Ɋ& !$7 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e99292f-5975-45ab-9908-96f5a7c69687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ϐ ]Ɋ& !ϐ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bd020926-2b48-464d-b929-5d6dc9d16c50 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=9e99292f-5975-45ab-9908-96f5a7c69687 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef1ed58f-01b7-4b98-8b44-3d42d0ccff99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& !~ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3dad83f0-3bb2-4dd2-b23a-43b50ad38b78 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ef1ed58f-01b7-4b98-8b44-3d42d0ccff99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**~ ]Ɋ& '!X~ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**~ ]Ɋ& ?!X~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**~ ]Ɋ& ;!X~ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 3!X~ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **~ ]Ɋ& 3!X~ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**~ ]Ɋ& 5!X~ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0~ ]Ɋ& !~ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4018ce7-dfe5-43b7-b56b-be435c84ce89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@ʓ ]Ɋ& !ʓ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1db3ce55-906d-4e0a-bd6d-0535002f9fa3 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=b4018ce7-dfe5-43b7-b56b-be435c84ce89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**I ]Ɋ& )!XI F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**I ]Ɋ& A!XI F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**I ]Ɋ& =!XI F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**I ]Ɋ& 5!XI F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**I ]Ɋ& 5!XI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**I ]Ɋ& 7!XI F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0I ]Ɋ& !I F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14672bee-c1b7-4366-9e79-08873b7c58da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@% ]Ɋ& !% F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe6aaf19-fb94-44af-b5ed-a49b5a365779 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=14672bee-c1b7-4366-9e79-08873b7c58da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**Xv ]Ɋ& !Xv F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=599X**pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hv ]Ɋ& !Xv F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnk77(<>aMu=VysMc&&**hv ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!Xv F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` v ]Ɋ& !Xv  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h v ]Ɋ& !Xv  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h** v ]Ɋ&  !v  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea98b798-2956-496a-9bf9-0bb2740d1bca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** v ]Ɋ& !v  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=56b932a8-fdbf-43ab-836d-8e6210220049 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ea98b798-2956-496a-9bf9-0bb2740d1bca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8 v ]Ɋ& !Xv  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pv ]Ɋ& !Xv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Pv ]Ɋ& !Xv F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**Hv ]Ɋ& !Xv F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hv ]Ɋ& !Xv F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hv ]Ɋ& !Xv F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**v ]Ɋ& !v F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dacba41d-8996-4872-ba4d-acc4d97115df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** W ]Ɋ& ! W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b88686b9-1214-4077-b792-51613884bef3 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dacba41d-8996-4872-ba4d-acc4d97115df PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X W ]Ɋ& !X W F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p W ]Ɋ& !X W F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h W ]Ɋ& !X W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**` W ]Ɋ& !X W F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**` W ]Ɋ& !X W F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**` W ]Ɋ& !X W F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** W ]Ɋ& ! W F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8659ec04-c6f3-4fcc-a988-0b69598e9c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** W ]Ɋ& ! W F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bfe8f29e-fccb-44bb-b2d5-24056c91995f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8659ec04-c6f3-4fcc-a988-0b69598e9c4f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8  ]Ɋ& !X  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8! ]Ɋ& !X! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b238**8" ]Ɋ& !X" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**# ]Ɋ& !# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8595a8ca-b8d4-480d-ba9c-e118b7b8c146 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$9 ]Ɋ& !9$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f3c31b3-26a9-43f1-8781-5edea958aaa8 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=8595a8ca-b8d4-480d-ba9c-e118b7b8c146 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X%Q ]Ɋ& !XQ% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p&Q ]Ɋ& !XQ& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p'Q ]Ɋ& !XQ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h(Q ]Ɋ& !XQ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h)Q ]Ɋ& !XQ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h*Q ]Ɋ& !XQ* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+Q ]Ɋ&  !Q+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d92fff1d-aede-4292-a730-83ccf456c2cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33b4cc79-4fe0-400b-816f-8c301389cccf HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d92fff1d-aede-4292-a730-83ccf456c2cd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **- ]Ɋ& '!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**. ]Ɋ& ?!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**/ ]Ɋ& ;!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**0 ]Ɋ& 3!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**03 ]Ɋ& !3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=16573e9b-f74b-4b46-80cd-a5b731c1d315 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@4 ]Ɋ& !4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2cb50a89-1f24-4714-9474-f59617a5f9b6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=16573e9b-f74b-4b46-80cd-a5b731c1d315 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**5LcK ]Ɋ& )!XLcK5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**6LcK ]Ɋ& A!XLcK6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**7LcK ]Ɋ& =!XLcK7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXLcK8 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnk8h8hplշRMu=VysMc&&**8LcK ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XLcK8 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **9LcK ]Ɋ& 5!XLcK9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**:LcK ]Ɋ& 7!XLcK: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0;LcK ]Ɋ& !LcK; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a51c3be1-e885-4dc7-90c3-2e5ee474438c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@<yeK ]Ɋ& !yeK< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3752757f-22f8-4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a51c3be1-e885-4dc7-90c3-2e5ee474438c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=200@**X=yeK ]Ɋ& !XyeK= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**p>yeK ]Ɋ& !XyeK> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=121p**h?yeK ]Ɋ& !XyeK? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1h**`@yeK ]Ɋ& !XyeK@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`AyeK ]Ɋ& !XyeKA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hByeK ]Ɋ& !XyeKB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**CyeK ]Ɋ&  !yeKC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd9a2aaa-34a0-4cbc-9909-fb66bf257cae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**DeK ]Ɋ& !eKD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cc26f120-54ce-4d22-b774-b1accf8df10c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd9a2aaa-34a0-4cbc-9909-fb66bf257cae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8EeK ]Ɋ& !XeKE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**PFeK ]Ɋ& !XeKF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**PGeK ]Ɋ& !XeKG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**HHeK ]Ɋ& !XeKH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**HIeK ]Ɋ& !XeKI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HJeK ]Ɋ& !XeKJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=056H**KeK ]Ɋ& !eKK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9b91fa8f-3b2f-45cb-b872-90a95de2d102 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**LeK ]Ɋ& !eKL F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=144b3e2d-0bb6-485a-b994-fb202b71f89d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9b91fa8f-3b2f-45cb-b872-90a95de2d102 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**XM1fK ]Ɋ& !X1fKM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5f3cX**pN1fK ]Ɋ& !X1fKN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**hO1fK ]Ɋ& !X1fKO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`P1fK ]Ɋ& !X1fKP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`Q1fK ]Ɋ& !X1fKQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`R1fK ]Ɋ& !X1fKR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**S1fK ]Ɋ& !1fKS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1498172c-7a2f-4098-b01c-9071f3749a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**T1fK ]Ɋ& !1fKT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=25a4cc45-60b8-4f6b-9a85-13682a515e6c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1498172c-7a2f-4098-b01c-9071f3749a90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1b3**(U1fK ]Ɋ& !X1fKU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@V1fK ]Ɋ& !X1fKV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@W1fK ]Ɋ& !X1fKW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8X1fK ]Ɋ& !X1fKX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8Y1fK ]Ɋ& !X1fKY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8Z1fK ]Ɋ& !X1fKZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**[1fK ]Ɋ& !1fK[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b21c22d0-620c-440f-a1ff-80b197161dea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=16**\bgK ]Ɋ& !bgK\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6f9e34a9-bfab-46a7-b13b-17d7d3e6acdf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=b21c22d0-620c-440f-a1ff-80b197161dea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**X],iK ]Ɋ& !X,iK] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**p^,iK ]Ɋ& !X,iK^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p_,iK ]Ɋ& !X,iK_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h`,iK ]Ɋ& !X,iK` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**ha,iK ]Ɋ& !X,iKa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**hb,iK ]Ɋ& !X,iKb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9h**c,iK ]Ɋ&  !,iKc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2eea87-eb8c-4bcb-8632-c7af9ae142cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**d-iK ]Ɋ& !-iKd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=94e80274-9623-4cb8-85b4-837b1f66f7ab HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be2eea87-eb8c-4bcb-8632-c7af9ae142cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue**e]jK ]Ɋ& '!X]jKe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**f]jK ]Ɋ& ?!X]jKf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**g]jK ]Ɋ& ;!X]jKg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**h]jK ]Ɋ& 3!X]jKh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioX]jKi F&4973-a9e5-4789ce9546f2 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXLcK8 F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& Xv F&dLine=8F& ElfChnkiiHձ>KMu=VysMc&&** i]jK ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X]jKi F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **j]jK ]Ɋ& 5!X]jKj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lc**0k]jK ]Ɋ& !]jKk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe95632a-928d-4399-8e7e-0c9df4670a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9e0**@lZjK ]Ɋ& !ZjKl F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=de7828d5-61ab-4bc1-bf6e-93263a3da3e5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=fe95632a-928d-4399-8e7e-0c9df4670a18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**mz. ]Ɋ& )!Xz.m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **nz. ]Ɋ& A!Xz.n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**oz. ]Ɋ& =!Xz.o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**pz. ]Ɋ& 5!Xz.p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf**qz. ]Ɋ& 5!Xz.q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**rz. ]Ɋ& 7!Xz.r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0sz. ]Ɋ& !z.s F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c1270ae-7a95-4b54-9542-5f79f8cea918 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@t_ ]Ɋ& !_t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c7804255-0646-4494-b18d-fb14c2e30389 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8c1270ae-7a95-4b54-9542-5f79f8cea918 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**Xu_ ]Ɋ& !X_u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**pv_ ]Ɋ& !X_v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hw_ ]Ɋ& !X_w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x_ ]Ɋ& !X_x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`y_ ]Ɋ& !X_y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz_ ]Ɋ& !X_z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**{> ]Ɋ&  !>{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=361bd816-eeb7-4d0e-b735-5324f1ae213b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**|> ]Ɋ& !>| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cac4c426-12b3-4823-8c9e-c0085df7445b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=361bd816-eeb7-4d0e-b735-5324f1ae213b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8}> ]Ɋ& !X>} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P~> ]Ɋ& !X>~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P> ]Ɋ& !X> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fKP**H> ]Ɋ& !X> F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H> ]Ɋ& !X> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H> ]Ɋ& !X> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cd44837-16d1-49e1-8c3a-7b8b6e80f2ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Ԑ ]Ɋ& !Ԑ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68199209-1edc-40ad-91fa-0c7b90d7edbe HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cd44837-16d1-49e1-8c3a-7b8b6e80f2ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f**XԐ ]Ɋ& !XԐ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**pԐ ]Ɋ& !XԐ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hԐ ]Ɋ& !XԐ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`Ԑ ]Ɋ& !XԐ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a7`**`Ԑ ]Ɋ& !XԐ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`Ԑ ]Ɋ& !XԐ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**Ԑ ]Ɋ& !Ԑ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfa96fb0-a475-4895-b419-d78d3acb0a19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**Ԑ ]Ɋ& !Ԑ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c6ad8ac-23cf-4905-8968-eef679f66624 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfa96fb0-a475-4895-b419-d78d3acb0a19 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==b2**(k) ]Ɋ& !Xk) F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@k) ]Ɋ& !Xk) F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@k) ]Ɋ& !Xk) F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**8k) ]Ɋ& !Xk) F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8k) ]Ɋ& !Xk) F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8k) ]Ɋ& !Xk) F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**k) ]Ɋ& !k) F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b2ed58e-64dd-4b7f-a6e7-0c8bba048c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**¯ ]Ɋ& !¯ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c8a3b57e-9786-425e-94f6-3d5bddef1544 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0b2ed58e-64dd-4b7f-a6e7-0c8bba048c99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X򼲖 ]Ɋ& !X򼲖 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p򼲖 ]Ɋ& !X򼲖 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p򼲖 ]Ɋ& !X򼲖 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h򼲖 ]Ɋ& !X򼲖 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**h򼲖 ]Ɋ& !X򼲖 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**h򼲖 ]Ɋ& !X򼲖 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !򼲖 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk8,H6Mu=VysMc&&** 򼲖 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !򼲖 F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4c0cb6d0-a39b-4252-9068-8255f7072bee HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4** ]Ɋ& '!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u** ]Ɋ& ?!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e** ]Ɋ& ;!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run** ]Ɋ& 3!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi** ]Ɋ& 3!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== ** ]Ɋ& 5!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0 ]Ɋ& ! F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f45eb46e-3fdd-43b0-8b50-79a2a66721b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0a0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4f2da9bc-fd3d-4be3-9003-f0fcf011d939 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f45eb46e-3fdd-43b0-8b50-79a2a66721b6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@** ]Ɋ& )!X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ]Ɋ& A!X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C** ]Ɋ& =!X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ** ]Ɋ& 5!X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr** ]Ɋ& 5!X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl** ]Ɋ& 7!X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e70e7a46-58ca-4888-a1eb-df994a90874e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@(O ]Ɋ& !(O F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=435ac800-06e7-4f30-beb7-01d22f45ce4c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e70e7a46-58ca-4888-a1eb-df994a90874e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=702cd3fc-d7b1-41e7-ba95-43f0b39b7328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=09-1** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c2630c2-0984-4409-b32a-3deb47a0b530 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=702cd3fc-d7b1-41e7-ba95-43f0b39b7328 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8U ]Ɋ& !XU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3c8**PU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**PU ]Ɋ& !XU F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**HU ]Ɋ& !XU F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HU ]Ɋ& !XU F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HU ]Ɋ& !XU F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83d1a742-e393-4882-b01e-880ccdd54865 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**U ]Ɋ& !U F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6cd63a24-f091-4ecd-b3cf-d8eccdbc0fdc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83d1a742-e393-4882-b01e-880ccdd54865 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pU ]Ɋ& !XU F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hU ]Ɋ& !XU F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`U ]Ɋ& !XU F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`U ]Ɋ& !XU F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`U ]Ɋ& !XU F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6000a317-bc83-48f7-b986-6bac06788522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7e93c6f1-bc12-42cd-be25-eb1d19ddfb1b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6000a317-bc83-48f7-b986-6bac06788522 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !X F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@ ]Ɋ& !X F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@ ]Ɋ& !X F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8 ]Ɋ& !X F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8 ]Ɋ& !X F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8 ]Ɋ& !X F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7a3b17c7-6afe-415d-8451-16748bc9461e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e0b44d3-ed1f-437b-aa32-a1a01f4b676d HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7a3b17c7-6afe-415d-8451-16748bc9461e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk0|T 9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **p ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**h ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**h ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh** ]Ɋ&  ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e44d53b3-38df-4e38-a28c-3882bb78fee2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**6v  ]Ɋ& !6v  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ee77439c-734e-497e-a6d4-d52da1bd8017 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e44d53b3-38df-4e38-a28c-3882bb78fee2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**  ]Ɋ& '!X  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**  ]Ɋ& ?!X  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**  ]Ɋ& ;!X  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1d2**  ]Ɋ& 3!X  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**  ]Ɋ& 3!X  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=22f**  ]Ɋ& 5!X  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0  ]Ɋ& !  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d4d661fd-b43f-4e71-a263-9b4160a80376 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@c  ]Ɋ& !c  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e2c8f47a-8601-4038-8e85-c6a67c1bfbbc HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d4d661fd-b43f-4e71-a263-9b4160a80376 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**CT] ]Ɋ& )!XCT] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **CT] ]Ɋ& A!XCT] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**CT] ]Ɋ& =!XCT] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**CT] ]Ɋ& 5!XCT] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**CT] ]Ɋ& 5!XCT] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**CT] ]Ɋ& 7!XCT] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0CT] ]Ɋ& !CT] F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bfac194-6521-41ca-a448-d1fd8cf1c397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@NT] ]Ɋ& !NT] F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a6498775-cfc5-4198-a3b6-7905292baf3e HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bfac194-6521-41ca-a448-d1fd8cf1c397 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XtU] ]Ɋ& !XtU] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ptU] ]Ɋ& !XtU] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**htU] ]Ɋ& !XtU] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`tU] ]Ɋ& !XtU] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`tU] ]Ɋ& !XtU] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**htU] ]Ɋ& !XtU] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**tU] ]Ɋ&  !tU] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7d2ba48-229b-4f66-a9e3-d6a6386ed2ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**tU] ]Ɋ& !tU] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08f07eef-8182-449c-a764-059a055857a0 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f7d2ba48-229b-4f66-a9e3-d6a6386ed2ed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8{ V] ]Ɋ& !X{ V] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**P{ V] ]Ɋ& !X{ V] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**P{ V] ]Ɋ& !X{ V] F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H{ V] ]Ɋ& !X{ V] F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H{ V] ]Ɋ& !X{ V] F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H{ V] ]Ɋ& !X{ V] F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**{ V] ]Ɋ& !{ V] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0122b64f-a01d-4d2e-8f7f-48420c31b2b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**V] ]Ɋ& !V] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f00643de-9674-49d4-bb6d-dd5701607123 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0122b64f-a01d-4d2e-8f7f-48420c31b2b5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XV] ]Ɋ& !XV] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**pV] ]Ɋ& !XV] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**hV] ]Ɋ& !XV] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`V] ]Ɋ& !XV] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`V] ]Ɋ& !XV] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`V] ]Ɋ& !XV] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**V] ]Ɋ& !V] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3d8122d-74a0-4d7c-bf81-028d71830c98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**>W] ]Ɋ& !>W] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f4def465-c057-436a-9d32-02d9a333a834 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3d8122d-74a0-4d7c-bf81-028d71830c98 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(?W] ]Ɋ& !X?W] F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@?W] ]Ɋ& !X?W] F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@?W] ]Ɋ& !X?W] F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@ 65535 Eng ]Ɋ& ndX?W] F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk00pKyߗMu=VysMc&&**8 ?W] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X?W] F&F%g>9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8?W] ]Ɋ& !X?W] F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8?W] ]Ɋ& !X?W] F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**?W] ]Ɋ& !?W] F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=056497d5-dbb3-4dfe-a001-bee09e245381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ee**oX] ]Ɋ& !oX] F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b2fba69f-2e3e-49f6-9fca-b5fb45b46304 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=056497d5-dbb3-4dfe-a001-bee09e245381 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**X9Z] ]Ɋ& !X9Z] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p9Z] ]Ɋ& !X9Z] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p9Z] ]Ɋ& !X9Z] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9Z] ]Ɋ& !X9Z] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**h 9Z] ]Ɋ& !X9Z]  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**h 9Z] ]Ɋ& !X9Z]  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-h** 9Z] ]Ɋ&  !9Z]  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=103ff638-51b4-4b3b-9a3f-2c1a375f3b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O** j[] ]Ɋ& !j[]  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a2b0890f-ca74-4118-9bfc-2b038cd3595d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=103ff638-51b4-4b3b-9a3f-2c1a375f3b2c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[** j[] ]Ɋ& '!Xj[]  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**j[] ]Ɋ& ?!Xj[] F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**j[] ]Ɋ& ;!Xj[] F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**j[] ]Ɋ& 3!Xj[] F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **j[] ]Ɋ& 3!Xj[] F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**j[] ]Ɋ& 5!Xj[] F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**0j[] ]Ɋ& !j[] F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d71bb2e9-4ef0-456e-a875-f1a66c1e83e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@\] ]Ɋ& !\] F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=19f381ba-edd6-4e02-8db5-70917e4296d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=d71bb2e9-4ef0-456e-a875-f1a66c1e83e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**&" ]Ɋ& )!X&" F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**&" ]Ɋ& A!X&" F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&" ]Ɋ& =!X&" F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**&" ]Ɋ& 5!X&" F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**&" ]Ɋ& 5!X&" F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**&" ]Ɋ& 7!X&" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0&" ]Ɋ& !&" F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88b4278-a3e2-4f6d-b511-9f803dacdacf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@W# ]Ɋ& !W# F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f42982ac-8d7f-4e30-955b-fe9553f78018 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e88b4278-a3e2-4f6d-b511-9f803dacdacf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=82-@**XY# ]Ɋ& !XY# F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**pY# ]Ɋ& !XY# F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**hY# ]Ɋ& !XY# F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**` Y# ]Ɋ& !XY#  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4`**`!Y# ]Ɋ& !XY#! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**h"Y# ]Ɋ& !XY#" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**#Y# ]Ɋ&  !Y## F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=010bf5fc-5a16-4411-a36f-d90f414d6137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**$Y# ]Ɋ& !Y#$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5c2f7e38-7901-4886-9808-78ca892da11e HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=010bf5fc-5a16-4411-a36f-d90f414d6137 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8%$ ]Ɋ& !X$% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P&$ ]Ɋ& !X$& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P'$ ]Ɋ& !X$' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H($ ]Ɋ& !X$( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=33a8H**H)$ ]Ɋ& !X$) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-9d3H**H*$ ]Ɋ& !X$* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65-H**+$ ]Ɋ& !$+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1eb8d89-b9e4-4f74-9450-fed39254c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=834**,$ ]Ɋ& !$, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f5dc9958-01f3-47d7-ba58-cf0b97e2dc01 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b1eb8d89-b9e4-4f74-9450-fed39254c596 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**X-$ ]Ɋ& !X$- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**p.$ ]Ɋ& !X$. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**h/$ ]Ɋ& !X$/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`0$ ]Ɋ& !X$0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CX$1 F&wid@ 65535 Eng ]Ɋ& ndX?W] F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53X F&aceId=4b8a8617-482c-48ac-b23d-b08f45fdfd2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk1a1a@?fO0Mu=VysMc&&**h1$ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X$1 F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`2$ ]Ɋ& !X$2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**3$ ]Ɋ& !$3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec2bca3c-22ab-4be0-b2d4-c18e24aef8bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**4!% ]Ɋ& !!%4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=16efc83c-cde1-4ea1-a737-032c3e1aa915 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec2bca3c-22ab-4be0-b2d4-c18e24aef8bc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(5!% ]Ɋ& !X!%5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@6!% ]Ɋ& !X!%6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0@**@7!% ]Ɋ& !X!%7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**88!% ]Ɋ& !X!%8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**89!% ]Ɋ& !X!%9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8:!% ]Ɋ& !X!%: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**;!% ]Ɋ& !!%; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7e8fdb11-ee2c-4912-b3c3-d055aa83cf3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**<% ]Ɋ& !%< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=61ea8d24-353b-40a3-8c7b-f225b5e4af44 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7e8fdb11-ee2c-4912-b3c3-d055aa83cf3d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X=' ]Ɋ& !X'= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p>' ]Ɋ& !X'> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p?' ]Ɋ& !X'? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h@' ]Ɋ& !X'@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**hA' ]Ɋ& !X'A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**hB' ]Ɋ& !X'B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**C' ]Ɋ&  !'C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76a85d29-49dc-44a4-94c2-fa6c89897623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**Dw( ]Ɋ& !w(D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dd6dca2e-484e-40c4-8721-0f804aa46ffe HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=76a85d29-49dc-44a4-94c2-fa6c89897623 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**Ew( ]Ɋ& '!Xw(E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**Fw( ]Ɋ& ?!Xw(F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**Gw( ]Ɋ& ;!Xw(G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Hw( ]Ɋ& 3!Xw(H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==f4**Iw( ]Ɋ& 3!Xw(I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**Jw( ]Ɋ& 5!Xw(J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e3**0K ( ]Ɋ& ! (K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7e76e0d-9f0e-46dd-96ec-5b87e1c80807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@LM) ]Ɋ& !M)L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=60ed94bf-c563-457a-b475-d5b3d07b1629 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e7e76e0d-9f0e-46dd-96ec-5b87e1c80807 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**M̸q  ]Ɋ& )!X̸q M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**N̸q  ]Ɋ& A!X̸q N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **O̸q  ]Ɋ& =!X̸q O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **P̸q  ]Ɋ& 5!X̸q P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Q̸q  ]Ɋ& 5!X̸q Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **R̸q  ]Ɋ& 7!X̸q R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0SbQr  ]Ɋ& !bQr S F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed03e82-71f6-45d9-bcaf-c23bbf7f4320 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@Ts  ]Ɋ& !s T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3cf57157-3b58-4606-90fc-15d8e30829bd HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eed03e82-71f6-45d9-bcaf-c23bbf7f4320 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XUs  ]Ɋ& !Xs U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pVs  ]Ɋ& !Xs V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hWs  ]Ɋ& !Xs W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`Xs  ]Ɋ& !Xs X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`Ys  ]Ɋ& !Xs Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hZs  ]Ɋ& !Xs Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**[s  ]Ɋ&  !s [ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=946ee512-fc3f-4abc-acec-fbd7c7b0061a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**\&t  ]Ɋ& !&t \ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=30cd929e-6720-41b3-bc6f-65adee756912 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=946ee512-fc3f-4abc-acec-fbd7c7b0061a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8]t  ]Ɋ& !Xt ] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P^t  ]Ɋ& !Xt ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P_t  ]Ɋ& !Xt _ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H`t  ]Ɋ& !Xt ` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hat  ]Ɋ& !Xt a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fdfdH PipelineI ]Ɋ&  Xt b F&ElfChnkbbht~Mu=VysMc&&**Hbt  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!Xt b F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**ct  ]Ɋ& !t c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=530b78f2-c7ae-4f5a-9560-afb933b07ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=$**dt  ]Ɋ& !t d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=769d2bd6-a171-4b63-a28c-adfaf30d7d96 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=530b78f2-c7ae-4f5a-9560-afb933b07ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Xet  ]Ɋ& !Xt e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pft  ]Ɋ& !Xt f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hgt  ]Ɋ& !Xt g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`ht  ]Ɋ& !Xt h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`it  ]Ɋ& !Xt i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`jt  ]Ɋ& !Xt j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**kSLu  ]Ɋ& !SLu k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e956fce-352e-4e98-93ce-ca484bb26cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lSLu  ]Ɋ& !SLu l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=814c2700-d58c-41b6-98cd-fbe4f7db632a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3e956fce-352e-4e98-93ce-ca484bb26cd4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**(mSLu  ]Ɋ& !XSLu m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@nSLu  ]Ɋ& !XSLu n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f@**@oSLu  ]Ɋ& !XSLu o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8pSLu  ]Ɋ& !XSLu p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8qSLu  ]Ɋ& !XSLu q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==dd8**8rSLu  ]Ɋ& !XSLu r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**sSLu  ]Ɋ& !SLu s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5980fc21-65fb-42f0-89cc-7f2255622bc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**t}v  ]Ɋ& !}v t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e5c0b18-ebca-4c07-8ea6-616bc1bb03f4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5980fc21-65fb-42f0-89cc-7f2255622bc9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xuw  ]Ɋ& !Xw u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pvw  ]Ɋ& !Xw v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pww  ]Ɋ& !Xw w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**hxw  ]Ɋ& !Xw x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**hyw  ]Ɋ& !Xw y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hzw  ]Ɋ& !Xw z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**{w  ]Ɋ&  !w { F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e306fd-9e90-4a3b-9576-b9bb8261cc2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|CGx  ]Ɋ& !CGx | F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2f301b8e-272c-4740-9bc2-e272f1509b15 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=34e306fd-9e90-4a3b-9576-b9bb8261cc2b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **}x  ]Ɋ& '!Xx } F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**~x  ]Ɋ& ?!Xx ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**x  ]Ɋ& ;!Xx  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**x  ]Ɋ& 3!Xx  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**x  ]Ɋ& 3!Xx  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun**x  ]Ɋ& 5!Xx  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0x  ]Ɋ& !x  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=41c7f246-c093-42f5-b8dc-635c5a1908fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@pxy  ]Ɋ& !pxy  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=599f1adc-477d-459b-a5fd-f59437d5a092 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=41c7f246-c093-42f5-b8dc-635c5a1908fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 @**o ]Ɋ& )!Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**o ]Ɋ& A!Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**o ]Ɋ& =!Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **o ]Ɋ& 5!Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **o ]Ɋ& 5!Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**o ]Ɋ& 7!Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0o ]Ɋ& !o F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a7371c2-a03e-42bc-9895-3dde2266ab5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@5Mo ]Ɋ& !5Mo F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=65dabf01-dafb-44a4-8f3a-03016b5bab83 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6a7371c2-a03e-42bc-9895-3dde2266ab5b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xo ]Ɋ& !Xo F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**po ]Ɋ& !Xo F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**ho ]Ɋ& !Xo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`o ]Ɋ& !Xo F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`o ]Ɋ& !Xo F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ho ]Ɋ& !Xo F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& Xt boElfChnkF[gNMu=VysMc&&**o ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !o F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dede857-e5ae-4f9d-a825-fac6ae51362f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**o ]Ɋ& !o F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6e8d7dc3-b7cb-4154-ae69-dbf15e42ba8a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1dede857-e5ae-4f9d-a825-fac6ae51362f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8p ]Ɋ& !Xp F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Pp ]Ɋ& !Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**Pp ]Ɋ& !Xp F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**Hp ]Ɋ& !Xp F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**Hp ]Ɋ& !Xp F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**Hp ]Ɋ& !Xp F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**p ]Ɋ& !p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4acf4856-6e77-4879-ac62-ca89df3dab2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c5430399-f38b-4546-88c5-9f50308bc469 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4acf4856-6e77-4879-ac62-ca89df3dab2f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XCp ]Ɋ& !XCp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pCp ]Ɋ& !XCp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hCp ]Ɋ& !XCp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`Cp ]Ɋ& !XCp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`Cp ]Ɋ& !XCp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`Cp ]Ɋ& !XCp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S`**Cp ]Ɋ& !Cp F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd05ac7a-70d6-42a7-98b4-203d981d38da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Cp ]Ɋ& !Cp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=183e9ade-75de-4603-9829-7e4a3a45e6f7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd05ac7a-70d6-42a7-98b4-203d981d38da PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(Cp ]Ɋ& !XCp F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@Cp ]Ɋ& !XCp F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@Cp ]Ɋ& !XCp F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8Cp ]Ɋ& !XCp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8Cp ]Ɋ& !XCp F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8Cp ]Ɋ& !XCp F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**Cp ]Ɋ& !Cp F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3ffc6fee-2c5e-42b1-a408-fab6ddbb204a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**Ctp ]Ɋ& !Ctp F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a60b26a0-f353-4e14-b3a2-c2f9405d13cb HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=3ffc6fee-2c5e-42b1-a408-fab6ddbb204a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**X>p ]Ɋ& !X>p F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p>p ]Ɋ& !X>p F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**p>p ]Ɋ& !X>p F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**h>p ]Ɋ& !X>p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**h>p ]Ɋ& !X>p F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**h>p ]Ɋ& !X>p F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**>p ]Ɋ&  !>p F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=585dd7e4-d705-4e7d-a49d-0a5063d7ad03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=13c7bd10-486f-46a4-bd06-f85357756013 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=585dd7e4-d705-4e7d-a49d-0a5063d7ad03 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**p ]Ɋ& '!Xp F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**p ]Ɋ& ?!Xp F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**p ]Ɋ& ;!Xp F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**p ]Ɋ& 3!Xp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**p ]Ɋ& 3!Xp F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**p ]Ɋ& 5!Xp F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0p ]Ɋ& !p F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dae2c6ea-38e5-471c-ac0d-8e711cf15b90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@p ]Ɋ& !p F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e7f277bf-efd6-4fc3-bf35-293ccd9fc80f HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=dae2c6ea-38e5-471c-ac0d-8e711cf15b90 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2bc-@**Ի ]Ɋ& )!XԻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**Ի ]Ɋ& A!XԻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**Ի ]Ɋ& =!XԻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=54**Ի ]Ɋ& 5!XԻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Ի ]Ɋ& 5!XԻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**Ի ]Ɋ& 7!XԻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0?ջ ]Ɋ& !?ջ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xt boElfChnkX}SMu=VysMc&&**@ֻ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!ֻ F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xlֻ ]Ɋ& !Xlֻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f9dX**plֻ ]Ɋ& !Xlֻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**hlֻ ]Ɋ& !Xlֻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`lֻ ]Ɋ& !Xlֻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`lֻ ]Ɋ& !Xlֻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hlֻ ]Ɋ& !Xlֻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**lֻ ]Ɋ&  !lֻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ac6c3a89-b178-4763-b314-fca524dd7d96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**lֻ ]Ɋ& !lֻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a4d9dec0-e90e-415b-8d62-996421bb658c HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ac6c3a89-b178-4763-b314-fca524dd7d96 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8lֻ ]Ɋ& !Xlֻ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Plֻ ]Ɋ& !Xlֻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Plֻ ]Ɋ& !Xlֻ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hlֻ ]Ɋ& !Xlֻ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hlֻ ]Ɋ& !Xlֻ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hlֻ ]Ɋ& !Xlֻ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**lֻ ]Ɋ& !lֻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00ef26bb-46de-4a3f-ab18-8d5519b14938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**lֻ ]Ɋ& !lֻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1269c9d9-83b3-4e88-aeae-bf865b1c8809 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=00ef26bb-46de-4a3f-ab18-8d5519b14938 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**XM׻ ]Ɋ& !XM׻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-203X**pM׻ ]Ɋ& !XM׻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hM׻ ]Ɋ& !XM׻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`M׻ ]Ɋ& !XM׻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3-`**`M׻ ]Ɋ& !XM׻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`M׻ ]Ɋ& !XM׻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**M׻ ]Ɋ& !M׻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d614b5d-e7d2-45ff-8a85-763019f11ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**M׻ ]Ɋ& !M׻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96de58b5-00ca-4890-ba4e-3cccf7cfe230 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2d614b5d-e7d2-45ff-8a85-763019f11ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(M׻ ]Ɋ& !XM׻ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@M׻ ]Ɋ& !XM׻ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@M׻ ]Ɋ& !XM׻ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8M׻ ]Ɋ& !XM׻ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8M׻ ]Ɋ& !XM׻ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8M׻ ]Ɋ& !XM׻ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**M׻ ]Ɋ& !M׻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8692b57-eda8-4b8f-8382-3f4f80f51ab2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **/~ػ ]Ɋ& !/~ػ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9c5c61ba-34be-40a5-8bf2-96ae37783e45 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f8692b57-eda8-4b8f-8382-3f4f80f51ab2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**X yۻ ]Ɋ& !X yۻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**p yۻ ]Ɋ& !X yۻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**p yۻ ]Ɋ& !X yۻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**h yۻ ]Ɋ& !X yۻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**h yۻ ]Ɋ& !X yۻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**h yۻ ]Ɋ& !X yۻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh** yۻ ]Ɋ&  ! yۻ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5192dda-70c4-45c1-a979-975aab7ef9fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ܻ ]Ɋ& !ܻ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e5c82a0b-640a-4c8a-b0ed-b386a5d9d650 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a5192dda-70c4-45c1-a979-975aab7ef9fd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**zݻ ]Ɋ& '!Xzݻ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**zݻ ]Ɋ& ?!Xzݻ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**zݻ ]Ɋ& ;!Xzݻ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zݻ ]Ɋ& 3!Xzݻ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**zݻ ]Ɋ& 3!Xzݻ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zݻ ]Ɋ& 5!Xzݻ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0zݻ ]Ɋ& !zݻ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1bb4a461-c300-47f1-a51c-bbcccc6c82b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os ߻ F&on=4.0 HostId=b8767f52-6486-4df4-adca-4f989a037a34 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46f63722-4e08-4e44-bb31-6188ceb2eaf6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 Xt boElfChnk))`zEMu=VysMc&&**@ ߻ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !! ߻ F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dddd91b6-d3c2-4402-ba7c-5575a065aa73 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1bb4a461-c300-47f1-a51c-bbcccc6c82b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **#0k ]Ɋ& !X#0k F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**#0k ]Ɋ& !X#0k F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**#0k ]Ɋ& !X#0k F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**#0k ]Ɋ&  !X#0k F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pi**#0k ]Ɋ&  !X#0k F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dis**#0k ]Ɋ&  !X#0k F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll**#0k ]Ɋ& ]!#0k F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=0d8f996e-9493-4303-9c53-264bbca03486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=41**wGm ]Ɋ& i!wGm F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f445d99b-63b8-4911-8d57-aa52e206b9ef HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=0d8f996e-9493-4303-9c53-264bbca03486 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **2 ]Ɋ& )!X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2 ]Ɋ& A!X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**2 ]Ɋ& =!X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**2 ]Ɋ& 5!X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**2 ]Ɋ& 5!X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wi**2 ]Ɋ& 7!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g**02 ]Ɋ& !2 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e660d576-8e08-459c-89a6-cd461ec0d9ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,0**@_? ]Ɋ& !_? F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9abdb686-b6c9-4f3f-8fac-fc49496eadf3 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e660d576-8e08-459c-89a6-cd461ec0d9ba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ena@**X_? ]Ɋ& !X_? F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ll X**p_? ]Ɋ& !X_? F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=pp**h_? ]Ɋ& !X_? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**`_? ]Ɋ& !X_? F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p`**` _? ]Ɋ& !X_?  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p`**h _? ]Ɋ& !X_?  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=licah** _? ]Ɋ&  !_?  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abdb0940-46e8-4d64-add1-151c20b41325 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e Ro** _? ]Ɋ& !_?  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=42880da2-11bf-46d1-8f4c-dd319d656360 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=abdb0940-46e8-4d64-add1-151c20b41325 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**8  ]Ɋ& !X  F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iO8**P ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=78P**P ]Ɋ& !X F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=videP**H ]Ɋ& !X F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H ]Ɋ& !X F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== H**H ]Ɋ& !X F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=turH** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d762ee6-9581-46fe-9318-7903d788c2cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5195361a-be9f-4d6a-a05c-768391dce5d2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d762ee6-9581-46fe-9318-7903d788c2cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==13 X**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4fh**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C`** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a51dcca-1ca7-4803-b629-8554133feee6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**p ]Ɋ& !p F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ecdbb09d-ce34-469e-954b-2eecc9e35253 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1a51dcca-1ca7-4803-b629-8554133feee6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=; g**(p ]Ɋ& !Xp F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d(**@p ]Ɋ& !Xp F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@p ]Ɋ& !Xp F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idt@**8 p ]Ɋ& !Xp  F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8!p ]Ɋ& !Xp! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=OFT8**8"p ]Ɋ& !Xp" F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de8**#p ]Ɋ& !p# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5b31b775-e9cc-4386-ad74-d0531bc2fb09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en**$"  ]Ɋ& !" $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6482d793-4e32-4890-af19-c66ca4079582 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5b31b775-e9cc-4386-ad74-d0531bc2fb09 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**X%O: ]Ɋ& !XO:% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rX**p&O: ]Ɋ& !XO:& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**p'O: ]Ɋ& !XO:' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=75ap**h(O: ]Ɋ& !XO:( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix h**h)O: ]Ɋ& !XO:) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnk*\*\HAnƒ='Mu=VysMc&&**p *O: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XO:* F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p **+O: ]Ɋ&  !O:+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ba731383-dba9-41be-841b-3c4a6564e14c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**, ]Ɋ& !, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bee30316-332a-47d2-b346-4eef103d49f1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ba731383-dba9-41be-841b-3c4a6564e14c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Powe**- ]Ɋ& '!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **. ]Ɋ& ?!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9**/ ]Ɋ& ;!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**0 ]Ɋ& 3!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **1 ]Ɋ& 3!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**03 ]Ɋ& !3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c84e0a30-b954-4bb2-854e-dc4feca90d59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@4 ]Ɋ& !4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=236c79b0-1058-4f21-b7e1-508fdcc21d1c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c84e0a30-b954-4bb2-854e-dc4feca90d59 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-cd4@**51~ ]Ɋ& )!X1~5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa**61~ ]Ɋ& A!X1~6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace**71~ ]Ɋ& =!X1~7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd**81~ ]Ɋ& 5!X1~8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C**91~ ]Ɋ& 5!X1~9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**:1~ ]Ɋ& 7!X1~: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_**0;1~ ]Ɋ& !1~; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0934ee60-fa92-435e-a972-65a8564a94d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<@b ]Ɋ& !@b< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95584214-55af-4c09-a617-0f6d8179cba8 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0934ee60-fa92-435e-a972-65a8564a94d2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**X=@b ]Ɋ& !X@b= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**p>@b ]Ɋ& !X@b> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h?@b ]Ɋ& !X@b? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`@@b ]Ɋ& !X@b@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`A@b ]Ɋ& !X@bA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hB@b ]Ɋ& !X@bB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**C@b ]Ɋ&  !@bC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9330e73-174b-48b1-a048-3835459c97ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!**D@b ]Ɋ& !@bD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0f1b76c-08a0-4a9c-bc4f-33c44121be82 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c9330e73-174b-48b1-a048-3835459c97ca PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8E ]Ɋ& !XE F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PF ]Ɋ& !XF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PG ]Ɋ& !XG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HH ]Ɋ& !XH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=H**HI ]Ɋ& !XI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**HJ ]Ɋ& !XJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**K ]Ɋ& !K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2043d69-96df-4545-b73a-28e6f793b8ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**L ]Ɋ& !L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a034f333-0584-494d-9a1c-6893b7d742ae HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d2043d69-96df-4545-b73a-28e6f793b8ee PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**XM ]Ɋ& !XM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**pN ]Ɋ& !XN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**hO ]Ɋ& !XO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`P ]Ɋ& !XP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`Q ]Ɋ& !XQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`R ]Ɋ& !XR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**S ]Ɋ& !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=658a80f5-51a3-4112-8a2c-a1af4f0d4562 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**T ]Ɋ& !T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=688b42f3-c8b4-4def-825a-de1c7c2f4146 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=658a80f5-51a3-4112-8a2c-a1af4f0d4562 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(Um ]Ɋ& !XmU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b(**@Vm ]Ɋ& !XmV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@Wm ]Ɋ& !XmW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8Xm ]Ɋ& !XmX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8Ym ]Ɋ& !XmY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8Zm ]Ɋ& !XmZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**[m ]Ɋ& !m[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e34f00-ce78-40f6-894b-a455ef8d9946 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **\, ]Ɋ& !,\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ceae64ab-d821-410e-9973-359a68bdfdbf HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=11e34f00-ce78-40f6-894b-a455ef8d9946 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin-width 65535 ]Ɋ&  CX0]] F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnk]]Hx`~Mu=VysMc&&**` ]0] ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ?!X0]] F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne` **p^0] ]Ɋ& !X0]^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p_0] ]Ɋ& !X0]_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pelp**h`0] ]Ɋ& !X0]` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**ha0] ]Ɋ& !X0]a F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hb0] ]Ɋ& !X0]b F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**c0] ]Ɋ&  !0]c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f6ae17-a5ea-4bfd-8bc3-af112a445971 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a7c1dab7-0d42-4909-a294-5ca7bfaf056e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82f6ae17-a5ea-4bfd-8bc3-af112a445971 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**f ]Ɋ& ?!Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-a**h ]Ɋ& 3!Xh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7**i ]Ɋ& 3!Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a61**j ]Ɋ& 5!Xj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**0k ]Ɋ& !k F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e1c92bb6-5309-44df-94a0-e70a9ca19a63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ir0**@l& ]Ɋ& !&l F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bdd6b88d-c86b-4b58-8a9e-b08402142198 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=e1c92bb6-5309-44df-94a0-e70a9ca19a63 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**m;ָ ]Ɋ& )!X;ָm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman**n;ָ ]Ɋ& A!X;ָn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **o;ָ ]Ɋ& =!X;ָo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uc**p;ָ ]Ɋ& 5!X;ָp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cu**q;ָ ]Ɋ& 5!X;ָq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **r;ָ ]Ɋ& 7!X;ָr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0s;ָ ]Ɋ& !;ָs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b0c83f2-a3a1-4ba4-ad95-c95457935ae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r0**@tDָ ]Ɋ& !Dָt F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=83a6b043-d44e-4fc2-913e-d8668a715b51 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0b0c83f2-a3a1-4ba4-ad95-c95457935ae8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi@**Xuhݪָ ]Ɋ& !Xhݪָu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pvhݪָ ]Ɋ& !Xhݪָv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Enp**hwhݪָ ]Ɋ& !Xhݪָw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`xhݪָ ]Ɋ& !Xhݪָx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v`**`yhݪָ ]Ɋ& !Xhݪָy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g`**hzhݪָ ]Ɋ& !Xhݪָz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovih**{hݪָ ]Ɋ&  !hݪָ{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2b70dc7-871f-4790-b667-a945eb2fed99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**|hݪָ ]Ɋ& !hݪָ| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2a55d419-1574-44e1-8fab-552d9e4e1118 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c2b70dc7-871f-4790-b667-a945eb2fed99 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os**8},ָ ]Ɋ& !X,ָ} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eN8**P~,ָ ]Ɋ& !X,ָ~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rtP**P,ָ ]Ɋ& !X,ָ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=roviP**H,ָ ]Ɋ& !X,ָ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ctioH**H,ָ ]Ɋ& !X,ָ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iderH**H,ָ ]Ɋ& !X,ָ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=artH**?ָ ]Ɋ& !?ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33f5042f-c526-41a8-9f95-c676fe9b1df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **?ָ ]Ɋ& !?ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72bd1490-6d30-49d2-92fa-952382782e5f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33f5042f-c526-41a8-9f95-c676fe9b1df3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**X?ָ ]Ɋ& !X?ָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=UX**p?ָ ]Ɋ& !X?ָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommap**h?ָ ]Ɋ& !X?ָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**`?ָ ]Ɋ& !X?ָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m.`**`?ָ ]Ɋ& !X?ָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`?ָ ]Ɋ& !X?ָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**?ָ ]Ɋ& !?ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46781aad-ad2a-459c-9f78-c92d8381e10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**?ָ ]Ɋ& !?ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef274eb9-cdb1-4a91-ac74-79412aee1bf3 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=46781aad-ad2a-459c-9f78-c92d8381e10c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(Yحָ ]Ɋ& !XYحָ F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Yحָ ]Ɋ& !XYحָ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@-width 65535 ]Ɋ&  CXYحָ F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnkP~}ǵMu=VysMc&&**@ Yحָ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!XYحָ F&F%g>9{p(xlMD EventDatauoData !BinarypFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@ **8Yحָ ]Ɋ& !XYحָ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=llD8**8Yحָ ]Ɋ& !XYحָ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8Yحָ ]Ɋ& !XYحָ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**Yحָ ]Ɋ& !Yحָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d48e6072-24bd-411d-a5b2-4d20eeef12bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Re**pָ ]Ɋ& !pָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9d6a9a4f-c820-4230-aee1-7eba0f34da4f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d48e6072-24bd-411d-a5b2-4d20eeef12bd PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**Xָ ]Ɋ& !Xָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nX**pָ ]Ɋ& !Xָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pָ ]Ɋ& !Xָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pp**hָ ]Ɋ& !Xָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ch**hָ ]Ɋ& !Xָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hָ ]Ɋ& !Xָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rth**ָ ]Ɋ&  !ָ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75c183db-87c3-44cb-bb87-c6b586f7acdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er**:ָ ]Ɋ& !:ָ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d236b7d-445e-4725-9af8-ff0e00f6fd20 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=75c183db-87c3-44cb-bb87-c6b586f7acdf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ix -**:ָ ]Ɋ& '!X:ָ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**:ָ ]Ɋ& ?!X:ָ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**:ָ ]Ɋ& ;!X:ָ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-4f**:ָ ]Ɋ& 3!X:ָ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****:ָ ]Ɋ& 3!X:ָ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fc2**:ָ ]Ɋ& 5!X:ָ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0:ָ ]Ɋ& !:ָ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=348688a3-11a6-4732-af86-1e302268c82a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ne0**@kָ ]Ɋ& !kָ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cf9314cf-cc8b-491d-87dc-12632e5bcbc4 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=348688a3-11a6-4732-af86-1e302268c82a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**zr9 ]Ɋ& )!Xzr9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**zr9 ]Ɋ& A!Xzr9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId**zr9 ]Ɋ& =!Xzr9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**zr9 ]Ɋ& 5!Xzr9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/**zr9 ]Ɋ& 5!Xzr9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=11**zr9 ]Ɋ& 7!Xzr9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**0zr9 ]Ɋ& !zr9 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f54f58d-5091-4e92-ba57-4fcc5fd5fbc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u0**@9 ]Ɋ& !9 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3a4b60c-3655-4a8e-afce-601deef0de6c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6f54f58d-5091-4e92-ba57-4fcc5fd5fbc2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=New@**X9 ]Ɋ& !X9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**p9 ]Ɋ& !X9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9 ]Ɋ& !X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mh**`9 ]Ɋ& !X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**h9 ]Ɋ& !X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPh**9 ]Ɋ&  !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6e0914-7f5f-4f4f-9fac-7f87347402a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**9 ]Ɋ& !9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0018283-a6f1-478a-96a4-de35cb7e15b6 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=de6e0914-7f5f-4f4f-9fac-7f87347402a8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **8><9 ]Ɋ& !X><9 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ue8**P><9 ]Ɋ& !X><9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==SP**P><9 ]Ɋ& !X><9 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPP**H><9 ]Ɋ& !X><9 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==FunH**H><9 ]Ɋ& !X><9 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ProvH**H><9 ]Ɋ& !X><9 F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eSH**><9 ]Ɋ& !><9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4e41137-f62e-46cf-bb1a-292503fccf8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lab**><9 ]Ɋ& !><9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d9078b7-7758-40cd-8ea0-35b01842751e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a4e41137-f62e-46cf-bb1a-292503fccf8c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**X><9 ]Ɋ& !X><9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ָX**p><9 ]Ɋ& !X><9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Cp**h><9 ]Ɋ& !X><9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 h EngineVersi ]Ɋ&  X><9 F&CommandPath= CommandLine=n@-width 65535 ]Ɋ&  CXYحָ F&ScriptName= CommandPath= CommandLine=ipthme= Comman ]Ɋ& Xt XO:ElfChnkXq5LMu=VysMc&&**h><9 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!X><9 F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sioh**`><9 ]Ɋ& !X><9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cu`**`><9 ]Ɋ& !X><9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@`**><9 ]Ɋ& !><9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fea8f09-bfcc-4049-bcf5-a62b1ddae0fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **><9 ]Ɋ& !><9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ddaf5089-f23e-4fd0-9b3a-6210130aad5f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0fea8f09-bfcc-4049-bcf5-a62b1ddae0fe PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**(Ծ9 ]Ɋ& !XԾ9 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@Ծ9 ]Ɋ& !XԾ9 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m@**@Ծ9 ]Ɋ& !XԾ9 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C@**8Ծ9 ]Ɋ& !XԾ9 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-U8**8Ծ9 ]Ɋ& !XԾ9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion8**8Ծ9 ]Ɋ& !XԾ9 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE8**Ծ9 ]Ɋ& !Ծ9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7b56efe4-5b89-4282-b1c8-39ea82848162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**km9 ]Ɋ& !km9 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=457cb2d8-19d5-4241-bb4e-bc555b530c04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=7b56efe4-5b89-4282-b1c8-39ea82848162 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ider**X9 ]Ɋ& !X9 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p9 ]Ɋ& !X9 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**p9 ]Ɋ& !X9 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h9 ]Ɋ& !X9 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sth**h9 ]Ɋ& !X9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Seqh**h9 ]Ɋ& !X9 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cfh**9 ]Ɋ&  !9 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4f5f062-09c4-4c61-ac06-84b5d3b6f1e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **.79 ]Ɋ& !.79 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0bad5ba2-6b40-4315-85a9-bf2def16e0e1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d4f5f062-09c4-4c61-ac06-84b5d3b6f1e0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=base**.79 ]Ɋ& '!X.79 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**.79 ]Ɋ& ?!X.79 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=B**.79 ]Ɋ& ;!X.79 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eVe**.79 ]Ɋ& 3!X.79 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=F**.79 ]Ɋ& 3!X.79 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ers**.79 ]Ɋ& 5!X.79 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**0.79 ]Ɋ& !.79 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6c58f890-b7e5-4ef4-85dc-bbcc12210a2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5f0**@[h9 ]Ɋ& ![h9 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=614159b5-b9cf-4d98-a144-dd3a90a032da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=6c58f890-b7e5-4ef4-85dc-bbcc12210a2d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed @**zz ]Ɋ& )!Xzz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zz ]Ɋ& A!Xzz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**zz ]Ɋ& =!Xzz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **zz ]Ɋ& 5!Xzz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**zz ]Ɋ& 5!Xzz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pr**zz ]Ɋ& 7!Xzz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0zz ]Ɋ& !zz F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfce821e-8224-4d8c-a87d-c120e44a56b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@>z ]Ɋ& !>z F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3c69c47-12eb-4d34-b472-82393c086188 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dfce821e-8224-4d8c-a87d-c120e44a56b2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==f0@**X݁z ]Ɋ& !X݁z F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConX**p݁z ]Ɋ& !X݁z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVp**h݁z ]Ɋ& !X݁z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Hh**`݁z ]Ɋ& !X݁z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8`**`݁z ]Ɋ& !X݁z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d`**h݁z ]Ɋ& !X݁z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8427h**݁z ]Ɋ&  !݁z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bc4d870-3f24-415f-b2ae-5e377b87411b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=us |**uz ]Ɋ& !uz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f0e7357e-5c30-4288-a8d2-82e374640d2a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1bc4d870-3f24-415f-b2ae-5e377b87411b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sE**8uz ]Ɋ& !Xuz F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=el8**Puz ]Ɋ& !Xuz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=liP**Puz ]Ɋ& !Xuz F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0aadP**Huz ]Ɋ& !Xuz F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Hpthme= Co ]Ɋ&  Xuz ElfChnk!!H:`"k]Mu=VysMc&&**Huz ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!Xuz F&F%g>9{p(xlMD EventDatauoData !BinaryvRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mH**Huz ]Ɋ& !Xuz F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**uz ]Ɋ& !uz F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9723fe9-a87e-482d-b16d-8c7dafb12566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**uz ]Ɋ& !uz F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bbafcec5-9a0e-4737-8535-6f9b5c55ffd4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a9723fe9-a87e-482d-b16d-8c7dafb12566 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**Xuz ]Ɋ& !Xuz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComX**puz ]Ɋ& !Xuz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allep**huz ]Ɋ& !Xuz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='ih**`uz ]Ɋ& !Xuz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ow`**`uz ]Ɋ& !Xuz F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`uz ]Ɋ& !Xuz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**/z ]Ɋ& !/z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63620c1f-fedc-4351-ba2b-d46c50ebc08e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**/z ]Ɋ& !/z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e620bbae-5620-4fb0-bfe1-07415287196a HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63620c1f-fedc-4351-ba2b-d46c50ebc08e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(/z ]Ɋ& !X/z F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1(**@/z ]Ɋ& !X/z F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n@**@/z ]Ɋ& !X/z F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e]:@**8/z ]Ɋ& !X/z F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tal8**8/z ]Ɋ& !X/z F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.08**8/z ]Ɋ& !X/z F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**/z ]Ɋ& !/z F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fcd4a7b3-6fdb-4e99-add0-9b6beada45c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **\?z ]Ɋ& !\?z F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b163aecf-3235-4154-933d-122d47a89195 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=fcd4a7b3-6fdb-4e99-add0-9b6beada45c3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=trin**Xz ]Ɋ& !Xz F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pz ]Ɋ& !Xz F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**pz ]Ɋ& !Xz F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culp**hz ]Ɋ& !Xz F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Obh**h z ]Ɋ& !Xz  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pih**h z ]Ɋ& !Xz  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ath** z ]Ɋ&  !z  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af7ba3f0-bb84-4ccc-b6bd-44eff9289288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** z ]Ɋ& !z  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=870d3a83-9675-4987-98ca-ea48e88b5f5e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af7ba3f0-bb84-4ccc-b6bd-44eff9289288 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame=** -0z ]Ɋ& '!X-0z  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **-0z ]Ɋ& ?!X-0z F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**-0z ]Ɋ& ;!X-0z F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ed**-0z ]Ɋ& 3!X-0z F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=th **-0z ]Ɋ& 3!X-0z F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rov**-0z ]Ɋ& 5!X-0z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=En**0-0z ]Ɋ& !-0z F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0950c547-54d6-45bf-871e-9ee51fa45767 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en0**@Zaz ]Ɋ& !Zaz F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23391ffd-040d-43f6-8c84-9fffbfcb9626 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0950c547-54d6-45bf-871e-9ee51fa45767 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c12@***g׽ ]Ɋ& )!X*g׽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayNa***g׽ ]Ɋ& A!X*g׽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pace***g׽ ]Ɋ& =!X*g׽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=82***g׽ ]Ɋ& 5!X*g׽ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C***g׽ ]Ɋ& 5!X*g׽ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr***g׽ ]Ɋ& 7!X*g׽ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0*g׽ ]Ɋ& !*g׽ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2690b915-90a0-41f5-8fbc-7886769fd0d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@W׽ ]Ɋ& !W׽ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=313e0fe2-e769-4c84-9313-8e3302c14783 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2690b915-90a0-41f5-8fbc-7886769fd0d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm@**XW׽ ]Ɋ& !XW׽ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNaX**pW׽ ]Ɋ& !XW׽ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**hW׽ ]Ɋ& !XW׽ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` W׽ ]Ɋ& !XW׽  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`!W׽ ]Ɋ& !XW׽! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`=Hpth ]Ɋ& XW׽" F& ElfChnk"R"Rp%{q Mu=VysMc&&**h"W׽ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! I!XW׽" F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**#W׽ ]Ɋ&  !W׽# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecc69b36-fe6d-49f1-b3bf-311e099dc339 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$0׽ ]Ɋ& !0׽$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c1f256ea-7301-44d7-b0ad-f57e49819445 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecc69b36-fe6d-49f1-b3bf-311e099dc339 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8%0׽ ]Ɋ& !X0׽% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P&0׽ ]Ɋ& !X0׽& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P'0׽ ]Ɋ& !X0׽' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**H(0׽ ]Ɋ& !X0׽( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**H)0׽ ]Ɋ& !X0׽) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLinH**H*0׽ ]Ɋ& !X0׽* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= H**+0׽ ]Ɋ& !0׽+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b36f5f57-900b-42ad-ae50-a1de804648b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,0׽ ]Ɋ& !0׽, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cd248124-4d8f-479e-b7fd-1050d94fe75a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b36f5f57-900b-42ad-ae50-a1de804648b3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X-G׽ ]Ɋ& !XG׽- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TypeX**p.G׽ ]Ɋ& !XG׽. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| sep**h/G׽ ]Ɋ& !XG׽/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`0G׽ ]Ɋ& !XG׽0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l `**`1G׽ ]Ɋ& !XG׽1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Na`**`2G׽ ]Ɋ& !XG׽2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3G׽ ]Ɋ& !G׽3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a5543b-d8e1-45de-8c24-d09ad82a3da5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**4G׽ ]Ɋ& !G׽4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b1737456-8079-480a-b813-d4acb5b7118f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e9a5543b-d8e1-45de-8c24-d09ad82a3da5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptN**(5+׽ ]Ɋ& !X+׽5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p(**@6+׽ ]Ɋ& !X+׽6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**@7+׽ ]Ɋ& !X+׽7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e($@**88+׽ ]Ɋ& !X+׽8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**89+׽ ]Ɋ& !X+׽9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stI8**8:+׽ ]Ɋ& !X+׽: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**;+׽ ]Ɋ& !+׽; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=331cd39c-bb41-4464-888f-5081eba753ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=an**< ]׽ ]Ɋ& ! ]׽< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8451ca2a-39d5-47b1-a67c-82140f8ca3d9 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=331cd39c-bb41-4464-888f-5081eba753ff PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**X=&׽ ]Ɋ& !X&׽= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iX**p>&׽ ]Ɋ& !X&׽> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p?&׽ ]Ɋ& !X&׽? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nfop**h@&׽ ]Ɋ& !X&׽@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Insh**hA&׽ ]Ɋ& !X&׽A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIdh**hB&׽ ]Ɋ& !X&׽B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omh**C&׽ ]Ɋ&  !&׽C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=854141a1-de25-49f1-a814-7d8a37884ea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**De׽ ]Ɋ& !e׽D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89b0d2b3-7569-4cdb-8216-6d64c09ee700 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=854141a1-de25-49f1-a814-7d8a37884ea5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oleH**E(׽ ]Ɋ& '!X(׽E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**F(׽ ]Ɋ& ?!X(׽F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v**G(׽ ]Ɋ& ;!X(׽G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**H(׽ ]Ɋ& 3!X(׽H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **I(׽ ]Ɋ& 3!X(׽I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ame**J(׽ ]Ɋ& 5!X(׽J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rs**0K(׽ ]Ɋ& !(׽K F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=08faba14-391c-468a-b00f-c613cc57c4c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er0**@L!׽ ]Ɋ& !!׽L F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52d7ce30-2929-40a5-8d2e-6112c4102a02 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=08faba14-391c-468a-b00f-c613cc57c4c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fd0d@**M3 ]Ɋ& )!X3M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=prod**N3 ]Ɋ& A!X3N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t/Se**O3 ]Ɋ& =!X3O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=94**P3 ]Ɋ& 5!X3P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**Q3 ]Ɋ& 5!X3Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkSS9{p(xlMD EventDatauoData !BinarydAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53494960-1664-4a0f-89cf-ae37c841146e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP8**@T83 ]Ɋ& !83T F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=53494960-1664-4a0f-89cf-ae37c841146e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI@**XUMѱ3 ]Ɋ& !XMѱ3U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nspX**pVMѱ3 ]Ɋ& !XMѱ3V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**hWMѱ3 ]Ɋ& !XMѱ3W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ih**`XMѱ3 ]Ɋ& !XMѱ3X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l`**`YMѱ3 ]Ɋ& !XMѱ3Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**hZMѱ3 ]Ɋ& !XMѱ3Z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Commh**[Mѱ3 ]Ɋ&  !Mѱ3[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec3827e-85c9-4306-ad3b-baa74ee7b535 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**\Mѱ3 ]Ɋ& !Mѱ3\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2375ff81-e62d-4b56-ab6e-5afcd1d81139 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8ec3827e-85c9-4306-ad3b-baa74ee7b535 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8]Mѱ3 ]Ɋ& !XMѱ3] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me8**P^Mѱ3 ]Ɋ& !XMѱ3^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amP**P_Mѱ3 ]Ɋ& !XMѱ3_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=andTP**H`Mѱ3 ]Ɋ& !XMѱ3` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ommaH**HaMѱ3 ]Ɋ& !XMѱ3a F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=elinH**HbMѱ3 ]Ɋ& !XMѱ3b F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceIH**cMѱ3 ]Ɋ& !Mѱ3c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6b76e89-7b72-491e-9399-f507312f931e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndN**dMѱ3 ]Ɋ& !Mѱ3d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=18a2c759-0524-4b8e-aff9-c7d4c63bc0f2 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d6b76e89-7b72-491e-9399-f507312f931e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Xei3 ]Ɋ& !Xi3e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==e9aX**pfi3 ]Ɋ& !Xi3f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**hgi3 ]Ɋ& !Xi3g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=seh**`hi3 ]Ɋ& !Xi3h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0`**`ii3 ]Ɋ& !Xi3i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov`**`ji3 ]Ɋ& !Xi3j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**ki3 ]Ɋ& !i3k F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84420ef1-2aaa-4d92-83c7-493e6296d6e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**li3 ]Ɋ& !i3l F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7ac984d3-ac41-42ee-88d3-a0b279e8a11d HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=84420ef1-2aaa-4d92-83c7-493e6296d6e9 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ine**(m33 ]Ɋ& !X33m F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@n33 ]Ɋ& !X33n F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o@**@o33 ]Ɋ& !X33o F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=spl@**8p33 ]Ɋ& !X33p F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tur8**8q33 ]Ɋ& !X33q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta8**8r33 ]Ɋ& !X33r F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**s33 ]Ɋ& !33s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d834de4-c984-4257-b3bb-77b8d1d4b30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru**t=̴3 ]Ɋ& !=̴3t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=52471512-f027-46d1-8794-d66bc917f9fc HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=4d834de4-c984-4257-b3bb-77b8d1d4b30d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion.**Xu.Ƿ3 ]Ɋ& !X.Ƿ3u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aX**pv.Ƿ3 ]Ɋ& !X.Ƿ3v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=zp**pw.Ƿ3 ]Ɋ& !X.Ƿ3w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tiep**hx.Ƿ3 ]Ɋ& !X.Ƿ3x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInh**hy.Ƿ3 ]Ɋ& !X.Ƿ3y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sorh**hz.Ƿ3 ]Ɋ& !X.Ƿ3z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**{_3 ]Ɋ&  !_3{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=331c9c81-7b28-4632-abed-3e24e3a3c067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**|[3 ]Ɋ& ![3| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c148086f-bd1a-4edf-8410-94c09e8c6d3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=331c9c81-7b28-4632-abed-3e24e3a3c067 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Var**}[3 ]Ɋ& '!X[3} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**~[3 ]Ɋ& ?!X[3~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& ;!X[3 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& 3!X[3 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wer**[3 ]Ɋ& 3!X[3 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**[3 ]Ɋ& 5!X[3 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-tFirewallPro ]Ɋ& 35[3 F&d= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkHؿv&~Mu=VysMc&&**8 [3 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! ![3 F&F%g>9{p(xlMD EventDatauoData !BinarybAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f90e4ae0-0d69-4607-8b86-4c517278fcef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f-78 **@)3 ]Ɋ& !)3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=cadbb576-a666-4a8f-b546-ebd06cc3c63d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=f90e4ae0-0d69-4607-8b86-4c517278fcef PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Scri@**@;D ]Ɋ& )!X@;D F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eng**@;D ]Ɋ& A!X@;D F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uct **@;D ]Ɋ& =!X@;D F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **@;D ]Ɋ& 5!X@;D F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=56**@;D ]Ɋ& 5!X@;D F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**@;D ]Ɋ& 7!X@;D F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0ӈD ]Ɋ& !ӈD F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1318e97-23a8-4806-a4fd-e27713ddf72f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@mlD ]Ɋ& !mlD F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ce68b89f-d355-4a6c-85f5-35931569c3af HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c1318e97-23a8-4806-a4fd-e27713ddf72f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Lin@**XmlD ]Ɋ& !XmlD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=^X**pmlD ]Ɋ& !XmlD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hmlD ]Ɋ& !XmlD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`mlD ]Ɋ& !XmlD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`mlD ]Ɋ& !XmlD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hmlD ]Ɋ& !XmlD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3h**D ]Ɋ&  !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b604b58c-fce5-4046-99eb-bebb8006040b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e55ac770-f7c6-4465-a071-f5f9fa85271d HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b604b58c-fce5-4046-99eb-bebb8006040b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ar**8D ]Ɋ& !XD F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PD ]Ɋ& !XD F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!P**HD ]Ɋ& !XD F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HD ]Ɋ& !XD F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HD ]Ɋ& !XD F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7518eec4-d25f-4aa2-8061-f035d9487e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=33594393-366a-4eac-b737-bf705abe621d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7518eec4-d25f-4aa2-8061-f035d9487e12 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**XD ]Ɋ& !XD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pD ]Ɋ& !XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureIp**hD ]Ɋ& !XD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sth**`D ]Ɋ& !XD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=15`**`D ]Ɋ& !XD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr`**`D ]Ɋ& !XD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f33dcd7c-70ea-4df0-abcf-45621486fcba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a62c4940-e954-4d23-81e6-2cd7e1ddd32c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f33dcd7c-70ea-4df0-abcf-45621486fcba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= R**(D ]Ɋ& !XD F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l(**@D ]Ɋ& !XD F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p@**@D ]Ɋ& !XD F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=KLM@**8D ]Ɋ& !XD F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc8**8D ]Ɋ& !XD F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8D ]Ɋ& !XD F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=558**D ]Ɋ& !D F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dd2cd0f0-53d3-4d82-97b7-e038220c8887 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']**΋D ]Ɋ& !΋D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc585959-da5a-49b8-98e3-4764cb48ce01 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=dd2cd0f0-53d3-4d82-97b7-e038220c8887 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yNam**X]gD ]Ɋ& !X]gD F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=DX**p]gD ]Ɋ& !X]gD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p]gD ]Ɋ& !X]gD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n,Hp**h]gD ]Ɋ& !X]gD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=_.ph**h]gD ]Ɋ& !X]gD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Culh**h]gD ]Ɋ& !X]gD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sh**]gD ]Ɋ&  !]gD F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0004bd1d-a1ac-4a8b-8cc8-3ae8bf108534 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**D ]Ɋ& !D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c6907b43-45eb-43f9-bade-dbbbd4f63b8e HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0004bd1d-a1ac-4a8b-8cc8-3ae8bf108534 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=35[3 ]Ɋ&  CXD F&ommandPath= CommandLine=wP**R3 ]Ɋ& 7!X3R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07254f8f-71b8-4c68-806f-0bde353d6016 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnk(bG7 Mu=VysMc&&** D ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XD F&F%g>9{p(xlMD EventDatauoData !BinaryAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **D ]Ɋ& ?!XD F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**D ]Ɋ& ;!XD F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **D ]Ɋ& 3!XD F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**D ]Ɋ& 3!XD F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**D ]Ɋ& 5!XD F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**0D ]Ɋ& !D F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1b3ad67b-3fcf-4b8c-a3b5-545870a269f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==10**@!1D ]Ɋ& !!1D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9e6c883d-8c01-43cd-82dc-176881f3c9da HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1b3ad67b-3fcf-4b8c-a3b5-545870a269f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= @**) ]Ɋ& )!X) F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**) ]Ɋ& A!X) F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsta**) ]Ɋ& =!X) F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**) ]Ɋ& 5!X) F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**) ]Ɋ& 5!X) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**) ]Ɋ& 7!X) F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0) ]Ɋ& !) F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334793f2-7e5a-43f7-b18a-a28161b70342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==0**@([ ]Ɋ& !([ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9e94ee0-7610-4e63-baf9-5a6815eb3325 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=334793f2-7e5a-43f7-b18a-a28161b70342 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma@**X([ ]Ɋ& !X([ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p([ ]Ɋ& !X([ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNp**h([ ]Ɋ& !X([ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`([ ]Ɋ& !X([ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m`**`([ ]Ɋ& !X([ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h([ ]Ɋ& !X([ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**([ ]Ɋ&  !([ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41cdab4c-a848-4c09-a812-b2c8c387a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**([ ]Ɋ& !([ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcd44326-9670-414f-80d5-0f894f249518 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=41cdab4c-a848-4c09-a812-b2c8c387a6a3 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8([ ]Ɋ& !X([ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P([ ]Ɋ& !X([ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P([ ]Ɋ& !X([ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stP**H([ ]Ɋ& !X([ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**H([ ]Ɋ& !X([ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**H([ ]Ɋ& !X([ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ameH**([ ]Ɋ& !([ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eae3a119-23df-4f78-8423-c3e222bb3671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=04e44886-cb43-4c84-99d5-0cf9606d120a HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eae3a119-23df-4f78-8423-c3e222bb3671 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X ]Ɋ& !X F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortX**p ]Ɋ& !X F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=se.pp**h ]Ɋ& !X F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cah**` ]Ɋ& !X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**` ]Ɋ& !X F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**` ]Ɋ& !X F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `** ]Ɋ& ! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3814d8ae-f0be-467f-b998-41d036e07661 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=881e8b8b-665d-4490-8877-d9f18a4a4708 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3814d8ae-f0be-467f-b998-41d036e07661 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=obj**(U ]Ɋ& !XU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@U ]Ɋ& !XU F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c@**@U ]Ɋ& !XU F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bbb@**8U ]Ɋ& !XU F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**8U ]Ɋ& !XU F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tNa8**8U ]Ɋ& !XU F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ge8**U ]Ɋ& !U F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e2ea5-d46a-4975-bf27-0092fd15d541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=al**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5f352950-ca1c-4fff-a29c-b3e7345f550c HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a08e2ea5-d46a-4975-bf27-0092fd15d541 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=432N**XV ]Ɋ& !XV F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pV ]Ɋ& !XV F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=pnsoleHost  ]Ɋ& f-XV F&n=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= F& ElfChnkP~Mu=VysMc&&**h V ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!XV F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **hV ]Ɋ& !XV F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**hV ]Ɋ& !XV F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Ch**V ]Ɋ&  !V F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aadd5228-af38-4025-9c67-8ca0032ca415 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07e16999-f7e1-47f5-91e0-b01b662bfe7b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=aadd5228-af38-4025-9c67-8ca0032ca415 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Inst**ߐ ]Ɋ& '!Xߐ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=,**ߐ ]Ɋ& ?!Xߐ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ߐ ]Ɋ& ;!Xߐ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nab**ߐ ]Ɋ& 3!Xߐ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ߐ ]Ɋ& 3!Xߐ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ble**ߐ ]Ɋ& 5!Xߐ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ab**0ߐ ]Ɋ& !ߐ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80c324c5-f73c-49e3-b802-7435dd997167 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c2da7723-4c93-4df1-bfa8-43f6acba2a2e HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=80c324c5-f73c-49e3-b802-7435dd997167 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vide@**Hqr ]Ɋ& !XHqr F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Hqr ]Ɋ& !XHqr F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Hqr ]Ɋ& !XHqr F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str**Hqr ]Ɋ&  !XHqr F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/**Hqr ]Ɋ&  !XHqr F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=70-**Hqr ]Ɋ&  !XHqr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Hqr ]Ɋ& ]!Hqr F&:AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=f2902cda-329b-4d80-99dc-cfdd7b7cae6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng**=r ]Ɋ& i!=r F&FStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dcaa1587-0aa0-424d-b290-53eecc118525 HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe EngineVersion=4.0 RunspaceId=f2902cda-329b-4d80-99dc-cfdd7b7cae6b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**&g  ]Ɋ& )!X&g  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**&g  ]Ɋ& A!X&g  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Vers**&g  ]Ɋ& =!X&g  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ui**&g  ]Ɋ& 5!X&g  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= f**&g  ]Ɋ& 5!X&g  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **&g  ]Ɋ& 7!X&g  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0&g  ]Ɋ& !&g  F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=804029f0-04ff-408b-adc3-d072d25612ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@Wh  ]Ɋ& !Wh  F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8a8bddfc-b211-443c-9d8e-0759819e882c HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=804029f0-04ff-408b-adc3-d072d25612ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ole@**X m  ]Ɋ& !X m  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p m  ]Ɋ& !X m  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=Sp**h m  ]Ɋ& !X m  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**` m  ]Ɋ& !X m  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**` m  ]Ɋ& !X m   F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h m  ]Ɋ& !X m   F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=derSh** m  ]Ɋ&  ! m   F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e66dd9-6caa-471b-9091-20912cfc7612 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostN** Mn  ]Ɋ& !Mn   F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d84d89b2-35d3-4c86-b7af-54dcfbc2e2b5 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a6e66dd9-6caa-471b-9091-20912cfc7612 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1e**8 Hq  ]Ɋ& !XHq   F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce8**PHq  ]Ɋ& !XHq  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=AlP**PHq  ]Ɋ& !XHq  F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&P**HHq  ]Ɋ& !XHq  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== H**HHq  ]Ɋ& !XHq  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GlobH**HHq  ]Ɋ& !XHq  F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n-UH**Hq  ]Ɋ& !Hq  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e099aee5-3fce-437a-9c14-a43560f43d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==5f**Hq  ]Ɋ& !Hq  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=35f73a7f-a14f-470f-84f2-2da7dc9a5c0e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e099aee5-3fce-437a-9c14-a43560f43d5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Xs  ]Ɋ& !Xs  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**ps  ]Ɋ& !Xs  F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Pipp**hs  ]Ɋ& !Xs  F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCh**`s  ]Ɋ& !Xs  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p `**`s  ]Ɋ& !Xs  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`s  ]Ɋ& !Xs  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f`**s  ]Ɋ& !s  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b00ae5e9-f5a4-4108-99da-a62d7a992868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=A**Ct  ]Ɋ& !Ct  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1ec9c882-fefa-40ca-bf03-a169cfa8b91c HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b00ae5e9-f5a4-4108-99da-a62d7a992868 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion RunspaceId ]Ɋ&  SX͠y  F&ommandLine= F& ElfChnkMM4A YMu=VysMc&&**0 ͠y  ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X͠y  F&F%g>9{p(xlMD EventDatauoData !Binary\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma0 **@͠y  ]Ɋ& !X͠y  F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@͠y  ]Ɋ& !X͠y  F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntV@**8 ͠y  ]Ɋ& !X͠y   F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H8**8!͠y  ]Ɋ& !X͠y ! F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8"͠y  ]Ɋ& !X͠y " F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-w8**#͠y  ]Ɋ& !͠y # F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90295d9a-40f4-498c-a1eb-5bd4c1fb7e8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=et**$c9z  ]Ɋ& !c9z $ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=df644fd8-d907-4f41-9c57-f9f9aa042ab1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=90295d9a-40f4-498c-a1eb-5bd4c1fb7e8b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, $**X%ƒ  ]Ɋ& !Xƒ % F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=SX**p&ƒ  ]Ɋ& !Xƒ & F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**p'ƒ  ]Ɋ& !Xƒ ' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypep**h(ƒ  ]Ɋ& !Xƒ ( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h)ƒ  ]Ɋ& !Xƒ ) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h*ƒ  ]Ɋ& !Xƒ * F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ƒ  ]Ɋ&  !ƒ + F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f0d1849-48eb-43b6-9f10-9548461f65ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP**,b[  ]Ɋ& !b[ , F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=140726d1-6eb2-4164-badd-b717cc166af2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2f0d1849-48eb-43b6-9f10-9548461f65ab PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**-RV  ]Ɋ& '!XRV - F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**.RV  ]Ɋ& ?!XRV . F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==**/RV  ]Ɋ& ;!XRV / F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=S**0RV  ]Ɋ& 3!XRV 0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= P**1RV  ]Ɋ& 3!XRV 1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**2RV  ]Ɋ& 5!XRV 2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d=**03RV  ]Ɋ& !RV 3 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3a3a8fa3-9089-4b84-b9ef-f29fdb336ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H0**@4  ]Ɋ& ! 4 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=be5b9ea8-8633-4567-8521-34aa24850128 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=3a3a8fa3-9089-4b84-b9ef-f29fdb336ded PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= @**5qM ]Ɋ& )!XqM5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**6qM ]Ɋ& A!XqM6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ivir**7qM ]Ɋ& =!XqM7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **8qM ]Ɋ& 5!XqM8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d8**9qM ]Ɋ& 5!XqM9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc**:qM ]Ɋ& 7!XqM: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**0;qM ]Ɋ& !qM; F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ec198d4-d79d-45a1-8dc6-5b4637bf5425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@<ߢM ]Ɋ& !ߢM< F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2bcd06e-0d83-4288-801f-ab5ae527eca0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4ec198d4-d79d-45a1-8dc6-5b4637bf5425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X=ߢM ]Ɋ& !XߢM= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaX**p>ߢM ]Ɋ& !XߢM> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cep**h?ߢM ]Ɋ& !XߢM? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=qh**`@ߢM ]Ɋ& !XߢM@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`AߢM ]Ɋ& !XߢMA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hBߢM ]Ɋ& !XߢMB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**CߢM ]Ɋ&  !ߢMC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b6974d-aa80-42c1-acbb-a95a4b515b1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aila**DߢM ]Ɋ& !ߢMD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=216804eb-0812-486b-8194-77eb59ae2dca HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b6974d-aa80-42c1-acbb-a95a4b515b1a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=gi**8Ev;M ]Ɋ& !Xv;ME F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PFv;M ]Ɋ& !Xv;MF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PGv;M ]Ɋ& !Xv;MG F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HHv;M ]Ɋ& !Xv;MH F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HIv;M ]Ɋ& !Xv;MI F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HJv;M ]Ɋ& !Xv;MJ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sH**Kv;M ]Ɋ& !v;MK F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e3307ecf-6b20-4766-8df6-429926d58539 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Lv;M ]Ɋ& !v;ML F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1ee3a4a8-1ee7-4add-af1b-36e91edab76e HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e3307ecf-6b20-4766-8df6-429926d58539 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XMv;M ]Ɋ& !Xv;MM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= XommandLine= ]Ɋ& Xv;MN F&y  F&ommandLine= F& ElfChnkN~N~@Mu=VysMc&&**pNv;M ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! Q!Xv;MN F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ip**hOv;M ]Ɋ& !Xv;MO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o]h**`Pv;M ]Ɋ& !Xv;MP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st`**`Qv;M ]Ɋ& !Xv;MQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4f`**`Rv;M ]Ɋ& !Xv;MR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**Sv;M ]Ɋ& !v;MS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b485ce-448a-47ec-8116-22df5146ff00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**Tv;M ]Ɋ& !v;MT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d82b07b8-f5ed-40b0-af20-cd77fb04789f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=08b485ce-448a-47ec-8116-22df5146ff00 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=#**(U9M ]Ɋ& !X9MU F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=N(**@V9M ]Ɋ& !X9MV F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=I@**@W9M ]Ɋ& !X9MW F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sys@**8X9M ]Ɋ& !X9MX F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rre8**8Y9M ]Ɋ& !X9MY F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=App8**8Z9M ]Ɋ& !X9MZ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=un8**[9M ]Ɋ& !9M[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=932015e1-cd9e-4263-acaa-f345274544c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&**\НM ]Ɋ& !НM\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=333fd79f-51c0-4dea-85ea-0e44dd65c1da HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=932015e1-cd9e-4263-acaa-f345274544c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**X]gM ]Ɋ& !XgM] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p^gM ]Ɋ& !XgM^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fp**p_gM ]Ɋ& !XgM_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthp**h`gM ]Ɋ& !XgM` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hagM ]Ɋ& !XgMa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**hbgM ]Ɋ& !XgMb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**cgM ]Ɋ&  !gMc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91af1dd7-8fe9-4856-a8ac-65fa7682fc72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **d*M ]Ɋ& !*Md F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c9f26f38-bb22-478b-84cb-13c2bc9202a1 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=91af1dd7-8fe9-4856-a8ac-65fa7682fc72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-456**eM ]Ɋ& '!XMe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**fM ]Ɋ& ?!XMf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**gM ]Ɋ& ;!XMg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=que**hM ]Ɋ& 3!XMh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**iM ]Ɋ& 3!XMi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=enc**jM ]Ɋ& 5!XMj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0kM ]Ɋ& !Mk F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0f5a8419-1f06-4564-91a7-5652953e1484 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@lW1M ]Ɋ& !W1Ml F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6c08f738-6ded-4d44-8cb2-190e0a980c74 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=0f5a8419-1f06-4564-91a7-5652953e1484 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== @**mZ ]Ɋ& )!XZm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersi**nZ ]Ɋ& A!XZn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**oZ ]Ɋ& =!XZo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e **pZ ]Ɋ& 5!XZp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6b**qZ ]Ɋ& 5!XZq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**rZ ]Ɋ& 7!XZr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0sZ ]Ɋ& !Zs F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c26ef1-6927-4e4a-911b-6901b7f544f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=v0**@t[ ]Ɋ& ![t F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2372d820-7871-4476-a980-cc0813651cef HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=b2c26ef1-6927-4e4a-911b-6901b7f544f2 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xu{[\ ]Ɋ& !X{[\u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**pv{[\ ]Ɋ& !X{[\v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hw{[\ ]Ɋ& !X{[\w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`x{[\ ]Ɋ& !X{[\x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`y{[\ ]Ɋ& !X{[\y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hz{[\ ]Ɋ& !X{[\z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**{{[\ ]Ɋ&  !{[\{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3424ddd-50e6-4318-b1dc-5109cd47bda1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wEng**|\ ]Ɋ& !\| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95d0fe7f-c209-4bba-879f-61aa0b24e2b2 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f3424ddd-50e6-4318-b1dc-5109cd47bda1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d **8}kV_ ]Ɋ& !XkV_} F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8**P~kV_ ]Ɋ& !XkV_~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PF&y  F&ommandLine= F& ElfChnk -?]Mu=VysMc&&**PkV_ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! 1!XkV_ F&F%g>9{p(xlMD EventDatauoData !Binary~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CP**HkV_ ]Ɋ& !XkV_ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**HkV_ ]Ɋ& !XkV_ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ScrH**HkV_ ]Ɋ& !XkV_ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manH**kV_ ]Ɋ& !kV_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=079dba3e-5b13-4d9c-8c4d-61fa5162f38a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=omm**kV_ ]Ɋ& !kV_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b244fb62-88e7-4b55-8ebb-1d2eea93c8dc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=079dba3e-5b13-4d9c-8c4d-61fa5162f38a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X_ ]Ɋ& !X_ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=PipeX**p_ ]Ɋ& !X_ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US'p**h_ ]Ɋ& !X_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:Ph**`_ ]Ɋ& !X_ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dd`**`_ ]Ɋ& !X_ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ta`**`_ ]Ɋ& !X_ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**_ ]Ɋ& !_ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af342828-46ad-404d-9d88-66dc3de50859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**_ ]Ɋ& !_ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f7920cdd-cb11-44f8-879e-988630d4b155 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=af342828-46ad-404d-9d88-66dc3de50859 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**(` ]Ɋ& !X` F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5(**@` ]Ɋ& !X` F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@` ]Ɋ& !X` F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l='@**8` ]Ɋ& !X` F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Win8**8` ]Ɋ& !X` F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=C8**8` ]Ɋ& !X` F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**` ]Ɋ& !` F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1bbf456-1ff7-4390-b759-401d4ff5e89a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Ÿa ]Ɋ& !Ÿa F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e739efd8-5b79-49dd-bca6-9323209ad033 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1bbf456-1ff7-4390-b759-401d4ff5e89a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)))}**Xd ]Ɋ& !Xd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**pd ]Ɋ& !Xd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=balp**hd ]Ɋ& !Xd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-Sh**hd ]Ɋ& !Xd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**hd ]Ɋ& !Xd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**d ]Ɋ&  !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d51799c-a2fb-4f89-80f7-4995ec857099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**LLe ]Ɋ& !LLe F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=dc621417-4a5e-4b96-bb9c-62ea8f6ee3ef HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d51799c-a2fb-4f89-80f7-4995ec857099 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Seq**e ]Ɋ& '!Xe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**e ]Ɋ& ?!Xe F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**e ]Ɋ& ;!Xe F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e ]Ɋ& 3!Xe F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, **e ]Ɋ& 3!Xe F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**e ]Ɋ& 5!Xe F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| **0e ]Ɋ& !e F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9db3dfb4-f044-48af-8424-f3ec84510d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ou0**@y}f ]Ɋ& !y}f F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6285fc46-2c5a-40d1-8ed4-ff703ae49583 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=9db3dfb4-f044-48af-8424-f3ec84510d18 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ceId@**d- ]Ɋ& )!Xd- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**d- ]Ɋ& A!Xd- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=shel**d- ]Ɋ& =!Xd- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**d- ]Ɋ& 5!Xd- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**d- ]Ɋ& 5!Xd- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**d- ]Ɋ& 7!Xd- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0d- ]Ɋ& !d- F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=656ce445-cb25-467a-b904-c73cc2f7bd72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@^ ]Ɋ& !^ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=17c86747-b15a-4d38-bbef-d6b3f75c2d79 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=656ce445-cb25-467a-b904-c73cc2f7bd72 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rip@**XY! ]Ɋ& !XY! F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7bdX**pY! ]Ɋ& !XY! F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNap**hY! ]Ɋ& !XY! F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnk( icMu=VysMc&&**hY! ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!XY! F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=kV_h**`Y! ]Ɋ& !XY! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hY! ]Ɋ& !XY! F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**Y! ]Ɋ&  !Y! F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7cbb3a5-0219-442a-8440-4b9fd0b8088c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**! ]Ɋ& !! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e1490d7b-f7fb-4279-87b2-947300ddcada HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d7cbb3a5-0219-442a-8440-4b9fd0b8088c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**8rT$ ]Ɋ& !XrT$ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PrT$ ]Ɋ& !XrT$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PrT$ ]Ɋ& !XrT$ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HrT$ ]Ɋ& !XrT$ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HrT$ ]Ɋ& !XrT$ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HrT$ ]Ɋ& !XrT$ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**H**rT$ ]Ɋ& !rT$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c24e9fe-4d72-4246-8627-c82529aafb21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**rT$ ]Ɋ& !rT$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=22f6a8ad-76a2-4956-bf40-320650231d21 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=1c24e9fe-4d72-4246-8627-c82529aafb21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X$ ]Ɋ& !X$ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanX**p$ ]Ɋ& !X$ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ep**h$ ]Ɋ& !X$ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Glh**`$ ]Ɋ& !X$ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-H`**`$ ]Ɋ& !X$ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`$ ]Ɋ& !X$ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`**$ ]Ɋ& !$ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b203f9c-6740-4462-9784-164ffdf57b0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$ ]Ɋ& !$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d1e76e96-e315-4f2e-8bdc-116ef3457f90 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b203f9c-6740-4462-9784-164ffdf57b0d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co**(bO' ]Ɋ& !XbO' F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= (**@bO' ]Ɋ& !XbO' F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@**@bO' ]Ɋ& !XbO' F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ins@**8bO' ]Ɋ& !XbO' F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ode8**8bO' ]Ɋ& !XbO' F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bb98**8bO' ]Ɋ& !XbO' F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S8**bO' ]Ɋ& !bO' F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=205b390e-d2ba-4418-a3d6-cda5262296c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=96748b4c-0fad-4cbe-a489-8c2850b913e1 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=205b390e-d2ba-4418-a3d6-cda5262296c1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **X0 ]Ɋ& !X0 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**p0 ]Ɋ& !X0 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p0 ]Ɋ& !X0 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tedp**h0 ]Ɋ& !X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Eh**h0 ]Ɋ& !X0 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmah**h0 ]Ɋ& !X0 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**0 ]Ɋ&  !0 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab039c12-af4e-4b76-ae77-97bdf697e3d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **aq1 ]Ɋ& !aq1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=426b65a0-7afd-4bf6-845d-b6636a31838b HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ab039c12-af4e-4b76-ae77-97bdf697e3d1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 **2 ]Ɋ& '!X2 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**2 ]Ɋ& ?!X2 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**2 ]Ɋ& ;!X2 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ide**2 ]Ɋ& 3!X2 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pac**2 ]Ɋ& 3!X2 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erS**2 ]Ɋ& 5!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**02 ]Ɋ& !2 F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=92df67e3-5fd5-4b12-a75d-2445cc7b00d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le0**@3 ]Ɋ& !3 F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=37c81a7f-39eb-4c89-a576-9d6e99581691 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=92df67e3-5fd5-4b12-a75d-2445cc7b00d7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mman@**hb ]Ɋ& )!Xhb F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=g -w**hb ]Ɋ& A!Xhb F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**hb ]Ɋ& =!Xhb F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXhb F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnkpqlwڬnMu=VysMc&&**hb ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xhb F&F%g>9{p(xlMD EventDatauoData !BinaryFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **hb ]Ɋ& 5!Xhb F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 6**hb ]Ɋ& 7!Xhb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0bc ]Ɋ& !bc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e37e71-1378-4923-9362-ad416492d40b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@c ]Ɋ& !c F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3c625068-7bb5-4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=83e37e71-1378-4923-9362-ad416492d40b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dca@**Xc ]Ɋ& !Xc F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=HosX**pc ]Ɋ& !Xc F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=76ap**hc ]Ɋ& !Xc F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2h**`c ]Ɋ& !Xc F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`c ]Ɋ& !Xc F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hc ]Ɋ& !Xc F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=hellh**c ]Ɋ&  !c F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edba935b-9852-4d64-89c6-2370ace89924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rusS**+d ]Ɋ& !+d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=23cf7138-7909-451b-8530-8bd019220526 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=edba935b-9852-4d64-89c6-2370ace89924 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Up**8+d ]Ɋ& !X+d F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t\8**P+d ]Ɋ& !X+d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t P**P+d ]Ɋ& !X+d F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ell P**H+d ]Ɋ& !X+d F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tionH**H+d ]Ɋ& !X+d F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**H+d ]Ɋ& !X+d F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6efH**+d ]Ɋ& !+d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fe8fb38-23c5-4aeb-902e-5220123bd970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=p**+d ]Ɋ& !+d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3fd0a7b1-22e4-41f6-a75a-262c3f302cab HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7fe8fb38-23c5-4aeb-902e-5220123bd970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s**X+d ]Ɋ& !X+d F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9674X**p+d ]Ɋ& !X+d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent p**h+d ]Ɋ& !X+d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`+d ]Ɋ& !X+d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co`**`+d ]Ɋ& !X+d F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**`+d ]Ɋ& !X+d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=:`**+d ]Ɋ& !+d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6dba6733-f32d-4aaf-b0d5-be5090637302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t**,e ]Ɋ& !,e F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4ebf251a-70b4-41cd-9194-92d9e14c660b HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6dba6733-f32d-4aaf-b0d5-be5090637302 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b4c**(,e ]Ɋ& !X,e F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@,e ]Ɋ& !X,e F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t@**@,e ]Ɋ& !X,e F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8,e ]Ɋ& !X,e F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Str8**8,e ]Ɋ& !X,e F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=';e8**8,e ]Ɋ& !X,e F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io8**,e ]Ɋ& !,e F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebe5a59f-2f2d-4697-958a-6c779344ebb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=45**Xe ]Ɋ& !Xe F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3f0c085d-c1d1-4205-aeb0-60ed26472820 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=ebe5a59f-2f2d-4697-958a-6c779344ebb1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**Xf ]Ɋ& !Xf F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uX**pf ]Ɋ& !Xf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ap**pf ]Ɋ& !Xf F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hf ]Ɋ& !Xf F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt h**h f ]Ɋ& !Xf  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsoh**h f ]Ɋ& !Xf  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=16h** f ]Ɋ&  !f  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd666db8-334e-40a8-bd2c-d1963e68f260 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me** g ]Ɋ& !g  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=41aef269-1900-4f76-a81a-828b15d8096a HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=cd666db8-334e-40a8-bd2c-d1963e68f260 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alue** g ]Ɋ& '!Xg  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**g ]Ɋ& ?!Xg F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**g ]Ɋ& ;!Xg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=neI**g ]Ɋ& 3!Xg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Staed Seque ]Ɋ& ioXg F&4543-a136-f4c59f2fd89b HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=owshell Get-Ci ]Ɋ& sNXhb F&playName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nhype= Scrip ]Ɋ& XY! F&ne= F& ElfChnkBBHl H/Mu=VysMc&&** g ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Xg F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **g ]Ɋ& 5!Xg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bc**0g ]Ɋ& !g F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b99885-1b0d-4356-a955-e4a2a6fe0f9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=130**@Ih ]Ɋ& !Ih F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=67a2f01c-3846-430d-b2f7-d5ca89fd86e7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=32b99885-1b0d-4356-a955-e4a2a6fe0f9b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Co@**^f ]Ɋ& )!X^f F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on= **^f ]Ɋ& A!X^f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=play**^f ]Ɋ& =!X^f F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= r**^f ]Ɋ& 5!X^f F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=19**^f ]Ɋ& 5!X^f F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns**^f ]Ɋ& 7!X^f F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b**0f ]Ɋ& !f F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822e779c-7cd7-4e40-aa4a-54f444e18979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@!g ]Ɋ& !!g F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1b097e1d-ceac-4782-8e04-b0c4815398c4 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=822e779c-7cd7-4e40-aa4a-54f444e18979 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**@**X!g ]Ɋ& !X!g F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&X**p!g ]Ɋ& !X!g F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**h!g ]Ɋ& !X!g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**` !g ]Ɋ& !X!g  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`!!g ]Ɋ& !X!g! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=+`**h"!g ]Ɋ& !X!g" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Fh**#!g ]Ɋ&  !!g# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82d7a5db-cb12-47f0-8593-a6e2cc7df4c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oppe**$sh ]Ɋ& !sh$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e4d5d748-95cb-4d96-b27a-fe8790cd5841 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=82d7a5db-cb12-47f0-8593-a6e2cc7df4c8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de**8%sh ]Ɋ& !Xsh% F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro8**P&sh ]Ɋ& !Xsh& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FP**P'sh ]Ɋ& !Xsh' F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dP**H(sh ]Ɋ& !Xsh( F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!H**H)sh ]Ɋ& !Xsh) F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H*sh ]Ɋ& !Xsh* F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**+sh ]Ɋ& !sh+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cecc2de-c0b3-4303-a097-dbf8cae21f10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**,sh ]Ɋ& !sh, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5e4c8e7e-8e67-46da-a9b7-96385a496537 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4cecc2de-c0b3-4303-a097-dbf8cae21f10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**X-N i ]Ɋ& !XN i- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= X**p.N i ]Ɋ& !XN i. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**h/N i ]Ɋ& !XN i/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=={h**`0N i ]Ɋ& !XN i0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=05`**`1N i ]Ɋ& !XN i1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi`**`2N i ]Ɋ& !XN i2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**3N i ]Ɋ& !N i3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d68efe62-83ce-4c4a-baee-bec868d88513 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**4N i ]Ɋ& !N i4 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0d914fa5-bde2-4ab9-a5b2-55e232c5d6a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=d68efe62-83ce-4c4a-baee-bec868d88513 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==eb**(5i ]Ɋ& !Xi5 F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e(**@6i ]Ɋ& !Xi6 F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= @**@7i ]Ɋ& !Xi7 F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E\M@**88i ]Ɋ& !Xi8 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**89i ]Ɋ& !Xi9 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**8:i ]Ɋ& !Xi: F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eV8**;i ]Ɋ& !i; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f4a7452-b9b8-4909-a85f-741cf6d419cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[S**<{=j ]Ɋ& !{=j< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3b99498-9b76-40e4-be64-cc651ead9de4 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=5f4a7452-b9b8-4909-a85f-741cf6d419cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ayVe**X=՟l ]Ɋ& !X՟l= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p>՟l ]Ɋ& !X՟l> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rp**p?՟l ]Ɋ& !X՟l? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nstp**h@՟l ]Ɋ& !X՟l@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=perh**hA՟l ]Ɋ& !X՟lA F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=::Gh**hB՟l ]Ɋ& !X՟lB F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= IhtalledOn -De ]Ɋ&  !՟lC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkCuCu8}Mu=VysMc&&** C՟l ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !՟lC F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art **Dl8m ]Ɋ& !l8mD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=03e5e2de-b4d8-4d51-8823-6a505ef13069 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=4**Em ]Ɋ& '!XmE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**Fm ]Ɋ& ?!XmF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**Gm ]Ɋ& ;!XmG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**Hm ]Ɋ& 3!XmH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovi**Im ]Ɋ& 3!XmI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **Jm ]Ɋ& 5!XmJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**0Km ]Ɋ& !mK F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=56f20360-7468-4b4e-8733-ee1ce3815d4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=790**@Lin ]Ɋ& !inL F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ab328b9e-d129-49a1-979c-7977593e6f59 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=56f20360-7468-4b4e-8733-ee1ce3815d4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d P@**M^g ]Ɋ& )!X^gM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**N^g ]Ɋ& A!X^gN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**O^g ]Ɋ& =!X^gO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **P^g ]Ɋ& 5!X^gP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tr**Q^g ]Ɋ& 5!X^gQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cl**R^g ]Ɋ& 7!X^gR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**0S _g ]Ɋ& ! _gS F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2d68789-7541-49eb-81c0-de559cd50ae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@TM`g ]Ɋ& !M`gT F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2c8b396-5d4a-49c4-b8c0-d44926428f75 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a2d68789-7541-49eb-81c0-de559cd50ae7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art@**XULag ]Ɋ& !XLagU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d X**pVLag ]Ɋ& !XLagV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=p**hWLag ]Ɋ& !XLagW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ch**`XLag ]Ɋ& !XLagX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`YLag ]Ɋ& !XLagY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o`**hZLag ]Ɋ& !XLagZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tId=h**[Lag ]Ɋ&  !Lag[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01532617-c456-495b-aa0b-e7cd8d82c68e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7e-8**\Lag ]Ɋ& !Lag\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=06d59e97-fc5d-4209-b7d0-066a338be722 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=01532617-c456-495b-aa0b-e7cd8d82c68e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**8]Lag ]Ɋ& !XLag] F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=de8**P^Lag ]Ɋ& !XLag^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tIP**P_Lag ]Ɋ& !XLag_ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==4.0P**H`Lag ]Ɋ& !XLag` F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HosH**HaLag ]Ɋ& !XLaga F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ConsH**HbLag ]Ɋ& !XLagb F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**cLag ]Ɋ& !Lagc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f95eff6a-3e85-44c4-af92-69760419ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=equ**dzag ]Ɋ& !zagd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fe7297d7-b8ec-4658-a92e-a52315052daf HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f95eff6a-3e85-44c4-af92-69760419ee64 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**Xezag ]Ɋ& !Xzage F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pfzag ]Ɋ& !Xzagf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Scp**hgzag ]Ɋ& !Xzagg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dOh**`hzag ]Ɋ& !Xzagh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ns`**`izag ]Ɋ& !Xzagi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh`**`jzag ]Ɋ& !Xzagj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**kzag ]Ɋ& !zagk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6508e494-beed-44b4-82d8-65e7269a2023 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**lzag ]Ɋ& !zagl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e3d8c6f2-ff9f-44ed-afdb-b1cc5b379a95 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6508e494-beed-44b4-82d8-65e7269a2023 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**(m~bg ]Ɋ& !X~bgm F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m(**@n~bg ]Ɋ& !X~bgn F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=U@**@o~bg ]Ɋ& !X~bgo F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8p~bg ]Ɋ& !X~bgp F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ARE8**8q~bg ]Ɋ& !X~bgq F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8r~bg ]Ɋ& !X~bgr F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**s~bg ]Ɋ& !~bgs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3613143-f387-4b50-abc3-6725e316f7c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Co**t>cg ]Ɋ& !>cgt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1a2aa271-d250-44b6-8521-a94b0231dbd7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=c3613143-f387-4b50-abc3-6725e316f7c0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eInf**Xukdg ]Ɋ& !Xkdgu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53Xkdgv F&aceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnkvv02t#GnMu=VysMc&&**x vkdg ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! W!Xkdgv F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== x **pwkdg ]Ɋ& !Xkdgw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== p**hxkdg ]Ɋ& !Xkdgx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=h**hykdg ]Ɋ& !Xkdgy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hzkdg ]Ɋ& !Xkdgz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**{kdg ]Ɋ&  !kdg{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9507cf5a-7469-4ac9-94c9-6b45ecfe2889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**|yeg ]Ɋ& !yeg| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=716b1fa5-a0d7-45d0-98c9-6333b28ece3d HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9507cf5a-7469-4ac9-94c9-6b45ecfe2889 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**}fg ]Ɋ& '!Xfg} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**~fg ]Ɋ& ?!Xfg~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**fg ]Ɋ& ;!Xfg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=449**fg ]Ɋ& 3!Xfg F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**fg ]Ɋ& 3!Xfg F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=926**fg ]Ɋ& 5!Xfg F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0fg ]Ɋ& !fg F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=43e911e1-6f7e-4396-b753-5be62c41a3ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@Bgg ]Ɋ& !Bgg F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=904fe469-b336-498b-896c-246d5d5c2458 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=43e911e1-6f7e-4396-b753-5be62c41a3ae PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**9{p(xlMD EventDatauoData !BinaryhFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8 **8nf ]Ɋ& !Xnf F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er,8**8nf ]Ɋ& !Xnf F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\W8**nf ]Ɋ& !nf F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2fd71e80-24d6-45f7-b63f-79e35b1b180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=71**7g ]Ɋ& !7g F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=e96b5872-8fa1-4618-8839-dbf02de0d31b HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=2fd71e80-24d6-45f7-b63f-79e35b1b180a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iabl**Xi ]Ɋ& !Xi F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pi ]Ɋ& !Xi F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**pi ]Ɋ& !Xi F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hi ]Ɋ& !Xi F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ovih**hi ]Ɋ& !Xi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=h**hi ]Ɋ& !Xi F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6-h**_i ]Ɋ&  !_i F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bc2c0cc-8027-4bea-8330-9e2663d8ec8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-O**1j ]Ɋ& !1j F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=acf1d6f1-ed16-4a76-8005-09eebb3af101 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3bc2c0cc-8027-4bea-8330-9e2663d8ec8d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ies[**1j ]Ɋ& '!X1j F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**1j ]Ɋ& ?!X1j F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**1j ]Ɋ& ;!X1j F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Run**1j ]Ɋ& 3!X1j F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1j ]Ɋ& 3!X1j F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nsp**1j ]Ɋ& 5!X1j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te**01j ]Ɋ& !1j F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1e784dc6-3245-485f-814a-1d3cf7f4c08c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li0**@"ck ]Ɋ& !"ck F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=10fa3c19-e22a-47c0-baa4-7e6b104af99b HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1e784dc6-3245-485f-814a-1d3cf7f4c08c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nceN@**x+ ]Ɋ& )!Xx+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nmen**x+ ]Ɋ& A!Xx+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**x+ ]Ɋ& =!Xx+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h=**x+ ]Ɋ& 5!Xx+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**x+ ]Ɋ& 5!Xx+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**x+ ]Ɋ& 7!Xx+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**0 ]Ɋ& ! F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f35d728-68bd-413d-8d25-36cc52e7cac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c0**@\ ]Ɋ& !\ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d3cb709e-4f76-46cc-9e90-5348e145d637 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8f35d728-68bd-413d-8d25-36cc52e7cac1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e7-@**X\ ]Ɋ& !X\ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HX**p\ ]Ɋ& !X\ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 p**h\ ]Ɋ& !X\ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bh**`\ ]Ɋ& !X\ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1`**`\ ]Ɋ& !X\ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**h\ ]Ɋ& !X\ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stAph**; ]Ɋ&  !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a515408d-f5b7-40a8-b875-07f34122a0c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=viru**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d8bf8d3c-dc40-4b87-b81f-1dbf8f9e1e0b HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=a515408d-f5b7-40a8-b875-07f34122a0c6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ti**8; ]Ɋ& !X; F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bj8**P; ]Ɋ& !X; F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erP**P; ]Ɋ& !X; F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tAppP**H; ]Ɋ& !X; F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=88c7H**H; ]Ɋ& !X; F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-913H**H; ]Ɋ& !X; F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=17-H**; ]Ɋ& !; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6c51d1-4e59-4b74-b791-85028d11ed21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=741**; ]Ɋ& !; F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3d8d5153-88a0-44ea-8448-d02574cd7375 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d6c51d1-4e59-4b74-b791-85028d11ed21 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3**Xҍ ]Ɋ& !Xҍ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ersiX**pҍ ]Ɋ& !Xҍ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovip**hҍ ]Ɋ& !Xҍ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`ҍ ]Ɋ& !Xҍ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id` PipelineId ]Ɋ&  CXҍ F&wid@ 65535 Eng ]Ɋ& ndXnf F&Name= CommandPath= CommandLine=CXtureInfo('en ]Ɋ& 53Xkdgv F&aceId=8266e061-2905-4c53-abb5-83ec708ce91f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ElfChnk @LYMu=VysMc&&**hҍ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! E!Xҍ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== h**`ҍ ]Ɋ& !Xҍ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**ҍ ]Ɋ& !ҍ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4fd2ff8-5225-40c5-9f2a-7127e6335bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**ҍ ]Ɋ& !ҍ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a9f7414b-9a75-4a23-b7f6-a5c78166b9d9 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=f4fd2ff8-5225-40c5-9f2a-7127e6335bed PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(h& ]Ɋ& !Xh& F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3(**@h& ]Ɋ& !Xh& F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1@**@h& ]Ɋ& !Xh& F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8h& ]Ɋ& !Xh& F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8h& ]Ɋ& !Xh& F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8h& ]Ɋ& !Xh& F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**h& ]Ɋ& !h& F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0443f3fe-60e5-49aa-a29b-4c2272408bfc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE** ]Ɋ& ! F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8295bfdf-3e18-40d7-b6b0-4ca8b4eb0a04 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=0443f3fe-60e5-49aa-a29b-4c2272408bfc PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X, ]Ɋ& !X, F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p, ]Ɋ& !X, F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p, ]Ɋ& !X, F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h, ]Ɋ& !X, F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h, ]Ɋ& !X, F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h, ]Ɋ& !X, F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**, ]Ɋ&  !, F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378ebcfb-0aff-4961-a6d4-deb2ccc06beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sb**ˆ ]Ɋ& !ˆ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=001821f6-4409-44a2-98ac-9dfb072a7447 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=378ebcfb-0aff-4961-a6d4-deb2ccc06beb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ring**ˆ ]Ɋ& '!Xˆ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=O**ˆ ]Ɋ& ?!Xˆ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l**ˆ ]Ɋ& ;!Xˆ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ˆ ]Ɋ& 3!Xˆ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==d3**ˆ ]Ɋ& 3!Xˆ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=li**ˆ ]Ɋ& 5!Xˆ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6c**0ˆ ]Ɋ& !ˆ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=067a2d98-f115-49a8-a026-c46e08ab0f5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@ ]Ɋ& ! F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=aee7162e-522c-4661-b4c1-c05714a2c0b9 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=067a2d98-f115-49a8-a026-c46e08ab0f5d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**y ]Ɋ& )!Xy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**y ]Ɋ& A!Xy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **y ]Ɋ& =!Xy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**y ]Ɋ& 5!Xy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **y ]Ɋ& 7!Xy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0y ]Ɋ& !y F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6906f184-fd79-4e9d-8b08-b901689244cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@ y ]Ɋ& ! y F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4e0a29e5-bf64-4625-ad05-f8e7901ed5ab HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6906f184-fd79-4e9d-8b08-b901689244cb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**XJy ]Ɋ& !XJy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pJy ]Ɋ& !XJy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hJy ]Ɋ& !XJy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`Jy ]Ɋ& !XJy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`Jy ]Ɋ& !XJy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hJy ]Ɋ& !XJy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**Jy ]Ɋ&  !Jy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15c24a1b-f23c-4976-9259-06f18b7a2651 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**Jy ]Ɋ& !Jy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b20ae23b-261f-47cb-b586-72a4bd130825 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=15c24a1b-f23c-4976-9259-06f18b7a2651 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8:y ]Ɋ& !X:y F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**P:y ]Ɋ& !X:y F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**P:y ]Ɋ& !X:y F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**H:y ]Ɋ& !X:y F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**H :y ]Ɋ& !X:y  F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8ce9H PipelineI ]Ɋ&  X:y  F&ElfChnk : :hwMu=VysMc&&**H :y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! +!X:y  F&F%g>9{p(xlMD EventDatauoData !BinaryxVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H** :y ]Ɋ& !:y  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3ad9d84-5ca2-45b8-b5bf-032fbd4c33af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ҍ** :y ]Ɋ& !:y  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc05694b-7a66-4240-b961-3aace2ed590c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c3ad9d84-5ca2-45b8-b5bf-032fbd4c33af PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X wy ]Ɋ& !Xwy  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== X**pwy ]Ɋ& !Xwy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lectp**hwy ]Ɋ& !Xwy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=']h**`wy ]Ɋ& !Xwy F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-`**`wy ]Ɋ& !Xwy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==C`**`wy ]Ɋ& !Xwy F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**wy ]Ɋ& !wy F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11071949-9c5a-4f71-8378-cac940d77966 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**wy ]Ɋ& !wy F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4bc67a02-59b8-4563-a087-5931eca82310 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=11071949-9c5a-4f71-8378-cac940d77966 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=**( ly ]Ɋ& !X ly F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n(**@ ly ]Ɋ& !X ly F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3@**@ ly ]Ɋ& !X ly F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.ps@**8 ly ]Ɋ& !X ly F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=M:\8**8 ly ]Ɋ& !X ly F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==008**8 ly ]Ɋ& !X ly F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=F8** ly ]Ɋ& ! ly F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=072dfad1-0851-4b5c-88d7-e72f594ea948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=at**:y ]Ɋ& !:y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb40503c-ce4f-4f54-b70f-bd0dc9222206 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=072dfad1-0851-4b5c-88d7-e72f594ea948 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 655**Xgy ]Ɋ& !Xgy F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-X**pgy ]Ɋ& !Xgy F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dp**pgy ]Ɋ& !Xgy F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='enp**h gy ]Ɋ& !Xgy  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=allh**h!gy ]Ɋ& !Xgy! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h"gy ]Ɋ& !Xgy" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndh**#gy ]Ɋ&  !gy# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f5d370-8414-4c71-8096-b238276541e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**$fy ]Ɋ& !fy$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=70d5827a-1c70-462f-bd3b-41020c7e8ed7 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=36f5d370-8414-4c71-8096-b238276541e1 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ost **%y ]Ɋ& '!Xy% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**&y ]Ɋ& ?!Xy& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**'y ]Ɋ& ;!Xy' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nam**(y ]Ɋ& 3!Xy( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ngi**)y ]Ɋ& 3!Xy) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fun***y ]Ɋ& 5!Xy* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n=**0+y ]Ɋ& !y+ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=024ae76a-5ef7-4a39-9b81-5d248df0039e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=3 0**@,0y ]Ɋ& !0y, F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=47dc7356-cc88-419f-aacf-efc632428234 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=024ae76a-5ef7-4a39-9b81-5d248df0039e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b @**- ]Ɋ& )!X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=uctS**. ]Ɋ& A!X. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=curi**/ ]Ɋ& =!X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0 ]Ɋ& 5!X0 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **1 ]Ɋ& 5!X1 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=vi**2 ]Ɋ& 7!X2 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**03W ]Ɋ& !W3 F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4385babc-8e6e-4df8-969f-aa932e87cc50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@43 ]Ɋ& !34 F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=72b3c4c6-4330-4e19-8923-108e168893a9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4385babc-8e6e-4df8-969f-aa932e87cc50 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**X5Ɉ ]Ɋ& !XɈ5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manX**p6Ɉ ]Ɋ& !XɈ6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmap**h7Ɉ ]Ɋ& !XɈ7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oh**`8Ɉ ]Ɋ& !XɈ8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**`9Ɉ ]Ɋ& !XɈ9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h:Ɉ ]Ɋ& !XɈ: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&h ]Ɋ& X:y ɈElfChnk;k;kkvMu=VysMc&&**;Ɉ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !Ɉ; F&F%g>9{p(xlMD EventDatauoData !BinaryAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40905a6c-9d86-4cd4-9a84-7635ad3e8f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**<Ɉ ]Ɋ& !Ɉ< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b696b72e-700e-4e8d-9947-d5c79b13060f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=40905a6c-9d86-4cd4-9a84-7635ad3e8f91 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8=Ɉ ]Ɋ& !XɈ= F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P>Ɉ ]Ɋ& !XɈ> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=&P**P?Ɉ ]Ɋ& !XɈ? F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**P**H@Ɉ ]Ɋ& !XɈ@ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmanH**HAɈ ]Ɋ& !XɈA F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndPaH**HBɈ ]Ɋ& !XɈB F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=H**CɈ ]Ɋ& !ɈC F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd6788fd-b74b-4b91-bad8-0fa24488c915 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dLi**DɈ ]Ɋ& !ɈD F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=57c1973b-846b-4fc8-a5de-d16154569395 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=dd6788fd-b74b-4b91-bad8-0fa24488c915 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=C**XE`! ]Ɋ& !X`!E F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNamX**pF`! ]Ɋ& !X`!F F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ect p**hG`! ]Ɋ& !X`!G F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=peh**`H`! ]Ɋ& !X`!H F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca`**`I`! ]Ɋ& !X`!I F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um`**`J`! ]Ɋ& !X`!J F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**K`! ]Ɋ& !`!K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c9d465c-bdca-4040-9885-f9199dcbcf6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**L`! ]Ɋ& !`!L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6d21738e-e1a8-4eec-adab-56683e47f59f HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6c9d465c-bdca-4040-9885-f9199dcbcf6e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(M`! ]Ɋ& !X`!M F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=7(**@N`! ]Ɋ& !X`!N F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@O`! ]Ɋ& !X`!O F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da@**8P`! ]Ɋ& !X`!P F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on\8**8Q`! ]Ɋ& !X`!Q F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver8**8R`! ]Ɋ& !X`!R F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**S`! ]Ɋ& !`!S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6df2e3ac-00d2-4ce1-9515-d358d4e7224e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ri**TR ]Ɋ& !RT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=fb782a17-2741-447c-9969-c861d79b05ef HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=6df2e3ac-00d2-4ce1-9515-d358d4e7224e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | O**XU ]Ɋ& !XU F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eX**pV ]Ɋ& !XV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ip**pW ]Ɋ& !XW F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fo]p**hX ]Ɋ& !XX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5 |h**hY ]Ɋ& !XY F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=aceh**hZ ]Ɋ& !XZ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Coh**[ ]Ɋ&  ![ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21f20440-cfa5-474f-aa7d-2f0fa8930854 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\P ]Ɋ& !P\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ef39338e-1b49-47a1-9956-d5efa240c654 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=21f20440-cfa5-474f-aa7d-2f0fa8930854 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**]P ]Ɋ& '!XP] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r**^P ]Ɋ& ?!XP^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**_P ]Ɋ& ;!XP_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as**`P ]Ɋ& 3!XP` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ing**aP ]Ɋ& 3!XPa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=art**bP ]Ɋ& 5!XPb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=65**0cP ]Ɋ& !Pc F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1fc64b87-484b-4c5a-858e-a3be6cc5dc9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@d}M ]Ɋ& !}Md F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1d2e2a92-e801-4597-92ac-5f59d544e30c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=1fc64b87-484b-4c5a-858e-a3be6cc5dc9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=df8-@**ez( ]Ɋ& )!Xz(e F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl d**fz( ]Ɋ& A!Xz(f F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e -N**gz( ]Ɋ& =!Xz(g F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8d**hz( ]Ɋ& 5!Xz(h F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ho**iz( ]Ɋ& 5!Xz(i F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me**jz( ]Ɋ& 7!Xz(j F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0kz( ]Ɋ& !z(k F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnkllX;ogMu=VysMc&&**@l%"{( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! #!%"{(l F&F%g>9{p(xlMD EventDatauoData !BinarypStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xm%"{( ]Ɋ& !X%"{(m F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cd4X**pn%"{( ]Ɋ& !X%"{(n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linp**ho%"{( ]Ɋ& !X%"{(o F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ah**`p%"{( ]Ɋ& !X%"{(p F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**`q%"{( ]Ɋ& !X%"{(q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==`**hr%"{( ]Ɋ& !X%"{(r F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= h**s{( ]Ɋ&  !{(s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77c824bc-98fb-4d3e-a8c5-6bd95dfe9b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&**t{( ]Ɋ& !{(t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f09f1e9d-63f5-4888-a3b4-82a15f436fa8 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=77c824bc-98fb-4d3e-a8c5-6bd95dfe9b58 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**8u{( ]Ɋ& !X{(u F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma8**Pv{( ]Ɋ& !X{(v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmP**Pw{( ]Ɋ& !X{(w F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= ComP**Hx{( ]Ɋ& !X{(x F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= H**Hy{( ]Ɋ& !X{(y F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoH**Hz{( ]Ɋ& !X{(z F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mmaH**{{( ]Ɋ& !{({ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88bb37fd-a121-4682-8b14-4864f8eb2a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Sc**|{( ]Ɋ& !{(| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4277b443-affa-4e7c-9441-ca4179c8b38f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88bb37fd-a121-4682-8b14-4864f8eb2a5f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=y**X}RS|( ]Ɋ& !XRS|(} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-f91X**p~RS|( ]Ɋ& !XRS|(~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tCulp**hRS|( ]Ɋ& !XRS|( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=;eh**`RS|( ]Ɋ& !XRS|( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1-`**`RS|( ]Ɋ& !XRS|( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wP`**`RS|( ]Ɋ& !XRS|( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**RS|( ]Ɋ& !RS|( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c980ce6-37f3-4e3d-a2e5-648d18376e0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**RS|( ]Ɋ& !RS|( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c85d5b81-12e8-42de-a39e-6a3d0f4471a5 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c980ce6-37f3-4e3d-a2e5-648d18376e0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **(|( ]Ɋ& !X|( F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=R(**@|( ]Ɋ& !X|( F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e@**@|( ]Ɋ& !X|( F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n, @**8|( ]Ɋ& !X|( F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=TWA8**8|( ]Ɋ& !X|( F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er=8**8|( ]Ɋ& !X|( F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**|( ]Ɋ& !|( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e837b892-2fe3-4d62-969c-6c34350a9640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **}( ]Ɋ& !}( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f6cb3d69-c337-4168-b739-a9ec9a90cb03 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e837b892-2fe3-4d62-969c-6c34350a9640 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ture**Xp( ]Ɋ& !Xp( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=GX**pp( ]Ɋ& !Xp( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pp( ]Ɋ& !Xp( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, p**hp( ]Ɋ& !Xp( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=en-h**hp( ]Ɋ& !Xp( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Deh**hp( ]Ɋ& !Xp( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=amh**p( ]Ɋ&  !p( F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c5bdb6-19b7-4aba-9131-b774b1faf505 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& !( F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=12e81400-3124-4f2d-b182-a6cbf72d0ab5 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=73c5bdb6-19b7-4aba-9131-b774b1faf505 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tate**( ]Ɋ& '!X( F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**( ]Ɋ& ?!X( F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**( ]Ɋ& ;!X( F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& 3!X( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Pro**( ]Ɋ& 3!X( F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**( ]Ɋ& 5!X( F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l **0( ]Ɋ& !( F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os3I( F&on=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnkD+Mu=VysMc&&**@ 3I( ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !!3I( F&F%g>9{p(xlMD EventDatauoData !BinarynStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b710d71e-0c8a-4a10-a73f-31dc5fef6bc5 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-@ **eR ]Ɋ& )!XeR F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=3 **eR ]Ɋ& A!XeR F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erNa**eR ]Ɋ& =!XeR F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**eR ]Ɋ& 5!XeR F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **eR ]Ɋ& 5!XeR F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e=**eR ]Ɋ& 7!XeR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0eR ]Ɋ& !eR F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c37e8ab-3df6-40d3-a70e-1d80e4401254 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@S ]Ɋ& !S F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8981fa45-ca22-4fb8-9457-6f8a029f2db0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4c37e8ab-3df6-40d3-a70e-1d80e4401254 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**XS ]Ɋ& !XS F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**pS ]Ɋ& !XS F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**hS ]Ɋ& !XS F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`S ]Ɋ& !XS F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`S ]Ɋ& !XS F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**hS ]Ɋ& !XS F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**S ]Ɋ&  !S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848dcef-844e-43cf-a16b-995abc42e90e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **S ]Ɋ& !S F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8cf2d553-9bca-42a2-a4bb-91ef2ee6d809 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7848dcef-844e-43cf-a16b-995abc42e90e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**8)dT ]Ɋ& !X)dT F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P)dT ]Ɋ& !X)dT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P)dT ]Ɋ& !X)dT F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H)dT ]Ɋ& !X)dT F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H)dT ]Ɋ& !X)dT F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H)dT ]Ɋ& !X)dT F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**)dT ]Ɋ& !)dT F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eab4a023-bd48-4cc0-b710-7b50784437b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**)dT ]Ɋ& !)dT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc11bc36-bc24-4c39-9c61-da59c09da912 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=eab4a023-bd48-4cc0-b710-7b50784437b4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X)dT ]Ɋ& !X)dT F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p)dT ]Ɋ& !X)dT F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h)dT ]Ɋ& !X)dT F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`)dT ]Ɋ& !X)dT F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`)dT ]Ɋ& !X)dT F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`)dT ]Ɋ& !X)dT F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**)dT ]Ɋ& !)dT F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37ab8828-919c-488e-90ff-b18e559f822b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**)dT ]Ɋ& !)dT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ffb850dd-4969-4b1d-80fa-0372b48726a7 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=37ab8828-919c-488e-90ff-b18e559f822b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(T ]Ɋ& !XT F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8(**@T ]Ɋ& !XT F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@T ]Ɋ& !XT F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8T ]Ɋ& !XT F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8T ]Ɋ& !XT F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8T ]Ɋ& !XT F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**T ]Ɋ& !T F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5d25f28-bd06-4251-997e-e70eb4784f05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**VU ]Ɋ& !VU F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d577e36e-5c84-4d44-8c07-699c4f1d897f HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=a5d25f28-bd06-4251-997e-e70eb4784f05 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XFX ]Ɋ& !XFX F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pFX ]Ɋ& !XFX F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pFX ]Ɋ& !XFX F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hFX ]Ɋ& !XFX F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hFX ]Ɋ& !XFX F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c5fh**hFX ]Ɋ& !XFX F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**FX ]Ɋ&  !FX F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88d3abf6-8479-453b-8b9e-8f05fb76a46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**(Y ]Ɋ& !(Y F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d10e6f56-935c-43e2-82dd-3852d0c99e70 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=88d3abf6-8479-453b-8b9e-8f05fb76a46f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**(Y ]Ɋ& '!X(Y F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(n-US')))}} | ]Ɋ& dOX(Y F&=4.0 RunspaceId=05b97a29-5779-4591-86c8-1d2068c80fb5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=va0able Previ ]Ɋ& os3I( F&on=4.0 HostId=0952fba2-9eb0-4d74-a337-b97984ae6d56 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=be624378-7fae-47cc-a3d5-cd94c6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnk0}ֻMu=VysMc&&** (Y ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X(Y F&F%g>9{p(xlMD EventDatauoData !BinaryEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pt **(Y ]Ɋ& ;!X(Y F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**(Y ]Ɋ& 3!X(Y F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mma**(Y ]Ɋ& 3!X(Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4.0**(Y ]Ɋ& 5!X(Y F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ma**0(Y ]Ɋ& !(Y F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=029f5458-cec2-4749-b7b3-cd92846d2dba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI0**@ ZZ ]Ɋ& ! ZZ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=01b41a1f-7783-49c8-a85f-3d1068080150 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=029f5458-cec2-4749-b7b3-cd92846d2dba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mand@**o+ ]Ɋ& )!Xo+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**o+ ]Ɋ& A!Xo+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ntiv**o+ ]Ɋ& =!Xo+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t-**o+ ]Ɋ& 5!Xo+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d5**o+ ]Ɋ& 5!Xo+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=um**o+ ]Ɋ& 7!Xo+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0o+ ]Ɋ& !o+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ac8159-a811-4697-b693-16b23d7f6970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@- ]Ɋ& !- F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6b0bf820-9540-4657-9936-0bf43fff5217 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ac8159-a811-4697-b693-16b23d7f6970 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= @**X- ]Ɋ& !X- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==X**p- ]Ɋ& !X- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=)dTp**h- ]Ɋ& !X- F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`- ]Ɋ& !X- F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`- ]Ɋ& !X- F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**h- ]Ɋ& !X- F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**- ]Ɋ&  !- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=307fb7af-79d8-4b8c-9e4c-012d7dd60b10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ҹ**2- ]Ɋ& !2- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d06d7919-52c8-4b3e-8d11-a0069f48e1a3 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=307fb7af-79d8-4b8c-9e4c-012d7dd60b10 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**82- ]Ɋ& !X2- F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P2- ]Ɋ& !X2- F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P2- ]Ɋ& !X2- F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H2- ]Ɋ& !X2- F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H2- ]Ɋ& !X2- F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H2- ]Ɋ& !X2- F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**2- ]Ɋ& !2- F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e7305b3-4ea6-42e2-8fa2-1bc709127a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=****2- ]Ɋ& !2- F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=78d1a62e-4ccc-4908-be4d-4283b95a87cc HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9e7305b3-4ea6-42e2-8fa2-1bc709127a16 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**X2. ]Ɋ& !X2. F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginX**p2. ]Ɋ& !X2. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izatp**h2. ]Ɋ& !X2. F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leh**`2. ]Ɋ& !X2. F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H`**`2. ]Ɋ& !X2. F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=er`**`2. ]Ɋ& !X2. F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**2. ]Ɋ& !2. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=824ef645-d2b8-40ed-a63d-fb1920c063ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**2. ]Ɋ& !2. F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=565ad36b-59a6-45bd-b52c-dccacd439561 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=824ef645-d2b8-40ed-a63d-fb1920c063ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**(2. ]Ɋ& !X2. F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(**@2. ]Ɋ& !X2. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l@**@2. ]Ɋ& !X2. F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= en@**82. ]Ɋ& !X2. F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ted8**82. ]Ɋ& !X2. F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=FX8**82. ]Ɋ& !X2. F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**2. ]Ɋ& !2. F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d5ce474d-d247-4ac9-8194-5245fbded65c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine='i**c/ ]Ɋ& !c/ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=bc44ba28-6db8-4f5e-af50-0b4ee3ea2e5e HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=d5ce474d-d247-4ac9-8194-5245fbded65c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= | f**X/ ]Ɋ& !X/ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**p/ ]Ɋ& !X/ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=op**p/ ]Ɋ& !X/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e,Dp**h/ ]Ɋ& !X/ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nabhd | Out-Stri ]Ɋ& d=X/ F&6877c44 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0 X:y ɈElfChnk33 j&Mu=VysMc&&**h / ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! K!X/ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h **h/ ]Ɋ& !X/ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**/ ]Ɋ&  !/ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd5db95-407c-4cfe-862e-9d2bae44cf4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**-1 ]Ɋ& !-1 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9eeec934-63a9-4477-ad0c-c8f859ff2e98 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ecd5db95-407c-4cfe-862e-9d2bae44cf4a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Name**-1 ]Ɋ& '!X-1 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m**-1 ]Ɋ& ?!X-1 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=w**-1 ]Ɋ& ;!X-1 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bf4**-1 ]Ɋ& 3!X-1 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** -1 ]Ɋ& 3!X-1  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=43f** -1 ]Ɋ& 5!X-1  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0 -1 ]Ɋ& !-1  F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c6197cba-79c8-4316-a583-e93f50a4de43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ro0**@ P1 ]Ɋ& !P1  F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08addf3c-744d-4535-bfc4-c0a3a4d0b5c6 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c6197cba-79c8-4316-a583-e93f50a4de43 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@** U: ]Ɋ& )!XU:  F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h= **U: ]Ɋ& A!XU: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=line**U: ]Ɋ& =!XU: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= |**U: ]Ɋ& 5!XU: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nt**U: ]Ɋ& 5!XU: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pp**U: ]Ɋ& 7!XU: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0U: ]Ɋ& !U: F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ce87167-44c8-4457-811e-44a52ff30066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 0**@: ]Ɋ& !: F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ade20771-62f2-4f54-a3a1-16fb449f1cb5 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=6ce87167-44c8-4457-811e-44a52ff30066 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te=@**XP: ]Ɋ& !XP: F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pP: ]Ɋ& !XP: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=menp**hP: ]Ɋ& !XP: F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`P: ]Ɋ& !XP: F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e`**`P: ]Ɋ& !XP: F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**hP: ]Ɋ& !XP: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateh**P: ]Ɋ&  !P: F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f79e09c-976c-4129-9e53-780d26c75ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**P: ]Ɋ& !P: F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5cefbd9a-7959-4dc6-ba3a-7f40ff6f12e1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=4f79e09c-976c-4129-9e53-780d26c75ae5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on**8P: ]Ɋ& !XP: F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1 8**PP: ]Ɋ& !XP: F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= SP**PP: ]Ɋ& !XP: F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tateP**H P: ]Ɋ& !XP:  F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=NewPH**H!P: ]Ɋ& !XP:! F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==RegH**H"P: ]Ɋ& !XP:" F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rovH**#P: ]Ɋ& !P:# F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f0fcc1-75cf-4724-b756-844e09ed431a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iou**$P: ]Ɋ& !P:$ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=088d833e-5b98-46e5-9bd4-d7e7dd56b86c HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c7f0fcc1-75cf-4724-b756-844e09ed431a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X%: ]Ɋ& !X:% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FX**p&: ]Ɋ& !X:& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ne=p**h': ]Ɋ& !X:' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=erh**`(: ]Ɋ& !X:( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=iz`**`): ]Ɋ& !X:) F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| `**`*: ]Ɋ& !X:* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0`**+: ]Ɋ& !:+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0437ffec-8dc8-4e8d-a6d9-498c9725846e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a**,: ]Ɋ& !:, F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=867b1332-3fc8-4167-a09a-a79ab9209778 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0437ffec-8dc8-4e8d-a6d9-498c9725846e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**(-: ]Ɋ& !X:- F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@.: ]Ɋ& !X:. F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@/: ]Ɋ& !X:/ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wid@**80: ]Ɋ& !X:0 F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Da8**81: ]Ɋ& !X:1 F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=\Un8**82: ]Ɋ& !X:2 F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on8**3: ]Ɋ& !:3 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08e810dc-bead-4946-9533-c4d16b50652d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id CommandNam ]Ɋ&  :4 F&:y ɈElfChnk4e4epm$+0Mu=VysMc&&** 4: ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! y!:4 F&F%g>9{p(xlMD EventDatauoData !BinaryStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ca328519-ced1-4773-a3ef-d7fed4118383 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=08e810dc-bead-4946-9533-c4d16b50652d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **X5A: ]Ɋ& !XA:5 F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sX**p6A: ]Ɋ& !XA:6 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**p7A: ]Ɋ& !XA:7 F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=izep**h8A: ]Ɋ& !XA:8 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ginh**h9A: ]Ɋ& !XA:9 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**h:A: ]Ɋ& !XA:: F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-1h**;ײ: ]Ɋ&  !ײ:; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cf4160e-46b7-4a37-9eed-00ff4cb48c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**<nK: ]Ɋ& !nK:< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b30986ba-49cc-4460-9cef-46cc339b77eb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3cf4160e-46b7-4a37-9eed-00ff4cb48c66 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**=: ]Ɋ& '!X:= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4**>: ]Ɋ& ?!X:> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1**?: ]Ɋ& ;!X:? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Sta**@: ]Ɋ& 3!X:@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id=**A: ]Ɋ& 3!X:A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ate**B: ]Ɋ& 5!X:B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in**0C: ]Ɋ& !:C F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9300997-2d52-4d44-9773-ced620b2d582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=st0**@D1: ]Ɋ& !1:D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=2918332c-8e9f-4661-8a2a-7a8236b2ea09 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c9300997-2d52-4d44-9773-ced620b2d582 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam@**E65Þ ]Ɋ& )!X65ÞE F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**F65Þ ]Ɋ& A!X65ÞF F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ant**G65Þ ]Ɋ& =!X65ÞG F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**H65Þ ]Ɋ& 5!X65ÞH F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**I65Þ ]Ɋ& 5!X65ÞI F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq**J65Þ ]Ɋ& 7!X65ÞJ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**0K65Þ ]Ɋ& !65ÞK F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a307e23-f55f-4389-87af-f69955ffdd71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@LcfĞ ]Ɋ& !cfĞL F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=3adf555b-186c-4d0b-b433-fc92f88d5c10 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2a307e23-f55f-4389-87af-f69955ffdd71 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&@**XMĞ ]Ɋ& !XĞM F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CX**pNĞ ]Ɋ& !XĞN F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==p**hOĞ ]Ɋ& !XĞO F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`PĞ ]Ɋ& !XĞP F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`QĞ ]Ɋ& !XĞQ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hRĞ ]Ɋ& !XĞR F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**SĞ ]Ɋ&  !ĞS F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b362a-7624-4b72-b614-96750bbdc634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**TĞ ]Ɋ& !ĞT F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=af220291-703a-43ad-b0b4-83d044d99067 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=985b362a-7624-4b72-b614-96750bbdc634 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ew**8UŞ ]Ɋ& !XŞU F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**PVŞ ]Ɋ& !XŞV F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**PWŞ ]Ɋ& !XŞW F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**HXŞ ]Ɋ& !XŞX F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**HYŞ ]Ɋ& !XŞY F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**HZŞ ]Ɋ& !XŞZ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*H**[Ş ]Ɋ& !Ş[ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b4f7646-cfc7-4e74-a232-e5e58af83d97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**\Ş ]Ɋ& !Ş\ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=8b502baf-6787-48f9-9c91-c8eb8ab6919f HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=2b4f7646-cfc7-4e74-a232-e5e58af83d97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X]Ş ]Ɋ& !XŞ] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPatX**p^Ş ]Ɋ& !XŞ^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nginp**h_Ş ]Ɋ& !XŞ_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=alh**``Ş ]Ɋ& !XŞ` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fi`**`aŞ ]Ɋ& !XŞa F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on`**`bŞ ]Ɋ& !XŞb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**cŞ ]Ɋ& !Şc F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246e3c8e-2f08-4312-805a-8c38e348e892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**d'0ƞ ]Ɋ& !'0ƞd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=89411e63-d70b-4e5c-8095-64aed4db8e8e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=246e3c8e-2f08-4312-805a-8c38e348e892 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=man**(e'0ƞ ]Ɋ& !X'0ƞe F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o(andType= S ]Ɋ&  X'0ƞf F&  :4 F&:y ɈElfChnkff0L|6;dMu=VysMc&&**H f'0ƞ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! '!X'0ƞf F&F%g>9{p(xlMD EventDatauoData !BinarytEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptH **@g'0ƞ ]Ɋ& !X'0ƞg F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eIn@**8h'0ƞ ]Ɋ& !X'0ƞh F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=isp8**8i'0ƞ ]Ɋ& !X'0ƞi F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= HK8**8j'0ƞ ]Ɋ& !X'0ƞj F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nc8**k'0ƞ ]Ɋ& !'0ƞk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e125f149-2ffc-47c9-b6b2-07acce14811d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**lTaǞ ]Ɋ& !TaǞl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=1bd7baaa-1a3d-4f78-b382-a4826ef92bea HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e125f149-2ffc-47c9-b6b2-07acce14811d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ptNa**XmǞ ]Ɋ& !XǞm F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**pnǞ ]Ɋ& !XǞn F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=np**poǞ ]Ɋ& !XǞo F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cf4p**hpǞ ]Ɋ& !XǞp F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dTyh**hqǞ ]Ɋ& !XǞq F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**hrǞ ]Ɋ& !XǞr F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**sȞ ]Ɋ&  !Ȟs F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a85336d-3ba8-450b-8cb2-99a074c534bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**t+ɞ ]Ɋ& !+ɞt F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=f2c30ca8-0ba4-485b-9d9b-9acbec7babdb HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8a85336d-3ba8-450b-8cb2-99a074c534bf PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=wers**u+ɞ ]Ɋ& '!X+ɞu F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i**v+ɞ ]Ɋ& ?!X+ɞv F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**w+ɞ ]Ɋ& ;!X+ɞw F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stV**x+ɞ ]Ɋ& 3!X+ɞx F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com**y+ɞ ]Ɋ& 3!X+ɞy F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ver**z+ɞ ]Ɋ& 5!X+ɞz F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **0{+ɞ ]Ɋ& !+ɞ{ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da04033b-33be-4550-af02-d84f02775730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=100**@|D\ʞ ]Ɋ& !D\ʞ| F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c473142a-df55-473d-903d-b39708afa973 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=da04033b-33be-4550-af02-d84f02775730 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==@**}Uߊd ]Ɋ& )!XUߊd} F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dNam**~Uߊd ]Ɋ& A!XUߊd~ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=idth**Uߊd ]Ɋ& =!XUߊd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= A**Uߊd ]Ɋ& 5!XUߊd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sh**Uߊd ]Ɋ& 5!XUߊd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI**Uߊd ]Ɋ& 7!XUߊd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=q**0Uߊd ]Ɋ& !Uߊd F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c777ec2-cd3a-4fde-9fcc-169ec537c71a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0**@d ]Ɋ& !d F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6ce18e1f-aa78-4bb8-9eb6-673019534257 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=7c777ec2-cd3a-4fde-9fcc-169ec537c71a PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**Xd ]Ɋ& !Xd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**hd ]Ɋ& !Xd F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**`d ]Ɋ& !Xd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**`d ]Ɋ& !Xd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**hd ]Ɋ& !Xd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=leSh**d ]Ɋ&  !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86b3c5d6-5346-44b1-8530-7a0dc620d867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Non**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=5d434a12-149f-4df2-80de-1f3f00df95a9 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=86b3c5d6-5346-44b1-8530-7a0dc620d867 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8d ]Ɋ& !Xd F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=s 8**Pd ]Ɋ& !Xd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rNP**Pd ]Ɋ& !Xd F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=StaP**Hd ]Ɋ& !Xd F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hd ]Ɋ& !Xd F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**Hd ]Ɋ& !Xd F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**d ]Ɋ& !d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ccb14be1-5137-419f-94bf-06eef9252880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**d ]Ɋ& !d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=b0dcc411-6f66-4b75-8b6a-a4e72b70cfd5 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ccb14be1-5137-419f-94bf-06eef9252880 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**XAd ]Ɋ& !XAd F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pAd ]Ɋ& !XAd F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ndTyp= ScriptNa ]Ɋ& = XAd F&  X'0ƞf F&  :4 F&:y ɈElfChnk(xFWMu=VysMc&&**pAd ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! M!XAd F&F%g>9{p(xlMD EventDatauoData !BinaryFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on=p**`Ad ]Ɋ& !XAd F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io`**`Ad ]Ɋ& !XAd F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=le`**`Ad ]Ɋ& !XAd F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H`**Ad ]Ɋ& !Ad F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ededbf0-8a93-4c7d-a79c-f21766751186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d**Ad ]Ɋ& !Ad F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=ed95d67b-0721-4b1f-a82f-3e2864ba4929 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0ededbf0-8a93-4c7d-a79c-f21766751186 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ila**(Ad ]Ɋ& !XAd F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**@Ad ]Ɋ& !XAd F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**@Ad ]Ɋ& !XAd F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h 6@**8Ad ]Ɋ& !XAd F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eTi8**8Ad ]Ɋ& !XAd F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nst8**8Ad ]Ɋ& !XAd F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.08**Ad ]Ɋ& !Ad F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14285eb5-f5cb-4e6f-aab2-f53af7627c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **Eڍd ]Ɋ& !Eڍd F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=afa43faf-b93f-4f19-adc4-39785b2ecadd HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=14285eb5-f5cb-4e6f-aab2-f53af7627c3b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ǘ**Xr d ]Ɋ& !Xr d F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pr d ]Ɋ& !Xr d F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Cp**pr d ]Ɋ& !Xr d F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Comp**hr d ]Ɋ& !Xr d F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ih**hr d ]Ɋ& !Xr d F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=!h**hr d ]Ɋ& !Xr d F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=meh**r d ]Ɋ&  !r d F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d145655-a2b4-4cf4-83d7-8c96a179ae42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tI** d ]Ɋ& ! d F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=80de82f1-58dd-487e-bcfc-26f8a241dbe6 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8d145655-a2b4-4cf4-83d7-8c96a179ae42 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= . |** ]Ɋ& !G> F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d7f9b1ce-ec91-4e65-b73d-d02343b730f7 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=786bd069-7a81-4053-b79e-050aff2366c5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=top@**XG> ]Ɋ& !XG> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=X**pG> ]Ɋ& !XG> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stp**hG> ]Ɋ& !XG> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dh**`G> ]Ɋ& !XG> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n`**`G> ]Ɋ& !XG> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P`**hG> ]Ɋ& !XG> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Stah**G> ]Ɋ&  !G> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffa5da61-c123-4dcd-97ff-c7ee94d65408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**G> ]Ɋ& !G> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=a3b46c09-c3cc-478c-b4ad-a00ec04643d1 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ffa5da61-c123-4dcd-97ff-c7ee94d65408 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=.0**8> ]Ɋ& !X> F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**P> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ueP**P> ]Ɋ& !X> F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P  ]Ɋ& F&:y XElfChnk0vMu=VysMc&&**H> ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! )!X> F&F%g>9{p(xlMD EventDatauoData !BinaryvFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H**H> ]Ɋ& !X> F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CH**H> ]Ɋ& !X> F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ScrH**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb620499-67bd-4fbb-8023-710088a85a97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C**> ]Ɋ& !> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=93b14a10-cc06-4999-a79f-26fd5d286cb4 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=bb620499-67bd-4fbb-8023-710088a85a97 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**X> ]Ɋ& !X> F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoX**p> ]Ɋ& !X> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sortp**h> ]Ɋ& !X> F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bah**`> ]Ɋ& !X> F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=os`**`> ]Ɋ& !X> F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eq`**`> ]Ɋ& !X> F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=`**> ]Ɋ& !> F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f4373eb-f23c-43f4-9261-3745b6e7c588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**> ]Ɋ& !> F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=4606ee27-cdec-49e6-89d8-2d5cc3a6e3ce HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=3f4373eb-f23c-43f4-9261-3745b6e7c588 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= **(x? ]Ɋ& !Xx? F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=f(**@x? ]Ɋ& !Xx? F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=V@**@x? ]Ɋ& !Xx? F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te'@**8x? ]Ɋ& !Xx? F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ent8**8x? ]Ɋ& !Xx? F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t 8**8x? ]Ɋ& !Xx? F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**x? ]Ɋ& !x? F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e909d826-87cd-452a-825d-1f32e2cd2b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=pe**G@ ]Ɋ& !G@ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0ca6e9f7-e80d-4178-8c9f-c14c8e545c21 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e909d826-87cd-452a-825d-1f32e2cd2b4e PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ated**X8 C ]Ɋ& !X8 C F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p8 C ]Ɋ& !X8 C F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tp**p8 C ]Ɋ& !X8 C F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ultp**h8 C ]Ɋ& !X8 C F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dthh**h8 C ]Ɋ& !X8 C F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= h**h8 C ]Ɋ& !X8 C F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Nah**8 C ]Ɋ&  !8 C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8f76541-1126-4133-9ce6-f24b5b773d89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ΤC ]Ɋ& !ΤC F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=80a008ce-14e0-45f4-8cd3-c422be3a6756 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c8f76541-1126-4133-9ce6-f24b5b773d89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ber=**ΤC ]Ɋ& '!XΤC F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=n**ΤC ]Ɋ& ?!XΤC F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **ΤC ]Ɋ& ;!XΤC F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**ΤC ]Ɋ& 3!XΤC F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ou**ΤC ]Ɋ& 3!XΤC F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cti**ΤC ]Ɋ& 5!XΤC F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= -**0ΤC ]Ɋ& !ΤC F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c3655848-09e0-44b6-842f-5cf1c44fcf33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=te0**@D ]Ɋ& !D F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=95cb1f2c-6e5c-4655-be10-1d18afa5365c HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=c3655848-09e0-44b6-842f-5cf1c44fcf33 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=9-7a@**+ ]Ɋ& )!X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oduc**+ ]Ɋ& A!X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=mIns**+ ]Ɋ& =!X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-c**+ ]Ɋ& 5!X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r=**+ ]Ɋ& 5!X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ov**+ ]Ɋ& 7!X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**0+ ]Ɋ& !+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63b12811-0926-4ee7-a169-c71c22b66120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@+ ]Ɋ& !+ F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=048ed73c-0c79-4278-be05-a034355063d0 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=63b12811-0926-4ee7-a169-c71c22b66120 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Com@**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=linX**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=manp**h+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rh**`+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk((} fMu=VysMc&&**h+ ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! G!X+ F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= FӸ**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=07935086-7e68-4ccc-accd-a1a2d6d39ee7 HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=58694703-9616-4374-8d63-448c94267ad0 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Av**8+ ]Ɋ& !X+ F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=8**P+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**P+ ]Ɋ& !X+ F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=P**H+ ]Ɋ& !X+ F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=]Ɋ&H**H+ ]Ɋ& !X+ F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**H+ ]Ɋ& !X+ F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==H**+ ]Ɋ& !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=792e9d07-ac13-4885-8b11-98cdcb962306 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=e503ef1b-0ef1-4d15-b109-e6529ba9ff9c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**X;N+ ]Ɋ& !X;N+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me= X**p;N+ ]Ɋ& !X;N+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-lasp**h;N+ ]Ɋ& !X;N+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=[Sh**`;N+ ]Ɋ& !X;N+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-U`**` ;N+ ]Ɋ& !X;N+  F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `**` ;N+ ]Ɋ& !X;N+  F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=t`** ;N+ ]Ɋ& !;N+  F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=** ;N+ ]Ɋ& !;N+  F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=9bdd6497-aecd-4ee3-bd63-6f8d7f8544c0 HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9d34b185-9cde-458d-a497-02e63e62c12d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=dPa**( ;N+ ]Ɋ& !X;N+  F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a(**@;N+ ]Ɋ& !X;N+ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=5@**@;N+ ]Ɋ& !X;N+ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ert@**8;N+ ]Ɋ& !X;N+ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Wow8**8;N+ ]Ɋ& !X;N+ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e0-8**8;N+ ]Ɋ& !X;N+ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fu8**;N+ ]Ɋ& !;N+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=15592393-96f5-411c-bd06-c3ca574b4c13 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=f153ef16-fe13-4aae-bfa3-106539dcc425 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ineV**X+ ]Ɋ& !X+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= X**p+ ]Ɋ& !X+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ep**p+ ]Ɋ& !X+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=, Ep**h+ ]Ɋ& !X+ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=cenh**h+ ]Ɋ& !X+ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me=h**h+ ]Ɋ& !X+ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=h**+ ]Ɋ&  !+ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S**+ ]Ɋ& !+ F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7c5beed1-e30a-4f1e-ba21-7e4125d8e6e2 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=c08c2e74-b9e6-4aa6-a58b-ae32913191c7 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rsio**,I+ ]Ɋ& '!X,I+ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=H**,I+ ]Ɋ& ?!X,I+ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**,I+ ]Ɋ& ;!X,I+ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= Ne** ,I+ ]Ɋ& 3!X,I+  F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **!,I+ ]Ɋ& 3!X,I+! F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ewP**",I+ ]Ɋ& 5!X,I+" F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=eI**0#,I+ ]Ɋ& !,I+# F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=me0**@$+ ]Ɋ& !+$ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6bbe0ea6-72d5-4993-88ed-7beca18fc1d7 HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=86ec39d4-0cc2-45b0-911c-d322c354979f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Id= @**%4 ]Ɋ& )!X4% F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ut-S**&4 ]Ɋ& A!X4& F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=2 -C**'4 ]Ɋ& =!X4' F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca**(4 ]Ɋ& 5!X4( F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=on.0 HostId= ]Ɋ& icX4) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnk)Y)Yp;jcMu=VysMc&&**)4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !X4) F&F%g>9{p(xlMD EventDatauoData !BinaryRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e= ***4 ]Ɋ& 7!X4* F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **0+4 ]Ɋ& !4+ F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d0**@,*<4 ]Ɋ& !*<4, F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d6a7db41-58e0-47c6-b6f7-5311d97d77d9 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=79d7e7d7-b9da-49cb-ab31-2e054fed60e5 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ot/@**X-4 ]Ɋ& !X4- F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=werX**p.4 ]Ɋ& !X4. F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompp**h/4 ]Ɋ& !X4/ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fh**`04 ]Ɋ& !X40 F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=E`**`14 ]Ɋ& !X41 F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=i`**h24 ]Ɋ& !X42 F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ureLh**34 ]Ɋ&  !43 F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=535 **44 ]Ɋ& !44 F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=08c28f64-b164-47f4-8cf8-d80730b0161a HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=8cf56c5b-4623-4f4b-8907-c51de9af2625 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=io**854 ]Ɋ& !X45 F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yp8**P64 ]Ɋ& !X46 F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNP**P74 ]Ɋ& !X47 F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=EncrP**H84 ]Ɋ& !X48 F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=rosoH**H94 ]Ɋ& !X49 F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=secuH**H:4 ]Ɋ& !X4: F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= RoH**;4 ]Ɋ& !4; F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=oft**<4 ]Ɋ& !4< F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=6398203a-e056-47db-82ad-7747883fbfa1 HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9327b47c-e4cc-450e-9029-8c1713f7bd1d PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u**X=Wm4 ]Ɋ& !XWm4= F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=l SeX**p>Wm4 ]Ɋ& !XWm4> F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Conp**h?Wm4 ]Ɋ& !XWm4? F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Fih**`@Wm4 ]Ɋ& !XWm4@ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=nd`**`AWm4 ]Ɋ& !XWm4A F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ng`**`BWm4 ]Ɋ& !XWm4B F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=b`**CWm4 ]Ɋ& !Wm4C F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=T**DWm4 ]Ɋ& !Wm4D F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=d2eca072-1529-424c-973f-29a913a2341e HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=28aea82b-0865-4547-b5cc-617d7dcdedba PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Cu**(EWm4 ]Ɋ& !XWm4E F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=c(**@FWm4 ]Ɋ& !XWm4F F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4@**@GWm4 ]Ɋ& !XWm4G F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8HWm4 ]Ɋ& !XWm4H F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= 8**8IWm4 ]Ɋ& !XWm4I F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e, 8**8JWm4 ]Ɋ& !XWm4J F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ur8**KWm4 ]Ɋ& !Wm4K F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= g**L4 ]Ɋ& !4L F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=c81375c1-5613-479f-bb02-d61b78249699 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=1c9565ea-02f6-44c7-b2dd-6de2dd4aa24c PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVe**XM74 ]Ɋ& !X74M F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=tX**pN74 ]Ɋ& !X74N F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= p**pO74 ]Ɋ& !X74O F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=as p**hP74 ]Ɋ& !X74P F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Conh**hQ74 ]Ɋ& !X74Q F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ca1h**hR74 ]Ɋ& !X74R F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-Ch**S74 ]Ɋ&  !74S F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=im**T4 ]Ɋ& !4T F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=148de37d-5493-49bb-a605-0991263d23b9 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=99ceaa75-fedc-465c-bc10-a4ed032897a6 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S'))**UHh4 ]Ɋ& '!XHh4U F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=(**VHh4 ]Ɋ& ?!XHh4V F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=G**WHh4 ]Ɋ& ;!XHh4W F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= **XHh4 ]Ɋ& 3!XHh4X F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**YHh4 ]Ɋ& 3!XHh4Y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&XElfChnkZZp(?d nMu=VysMc&&** ZHh4 ]Ɋ&]Ɋ 7{#]AQM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAR{Provider/=KName PowerShellAMsaEventID') QualifiersdLevelE{Task$jKeywordsAP:; TimeCreated'cj<{ SystemTime .F EventRecordID FaChannelWindows PowerShell<:;nComputer FILF-APP-RECABV.SecurityyfLUserID ! !XHh4Z F&F%g>9{p(xlMD EventDatauoData !BinaryVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=47c **0[Hh4 ]Ɋ& !Hh4[ F&bAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**@\ 4 ]Ɋ& ! 4\ F&nStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=720a7dca-7f9f-48ed-abde-60ac7b2aa73d HostApplication=powershell Set-Culture en-US; Get-HotFix -ComputerName . | Select-Object PSComputerName,Description,HotFixID,InstalledBy,@{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion=4.0 RunspaceId=8657acf6-e493-4858-ae42-a3a5f6fa1599 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= H@**]v ]Ɋ& )!Xv] F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine==Con**^v ]Ɋ& A!Xv^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=m **_v ]Ɋ& =!Xv_ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=0**`v ]Ɋ& 5!Xv` F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=**av ]Ɋ& 5!Xva F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine== **bv ]Ɋ& 7!Xvb F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=e**0cow ]Ɋ& !owc F&dAvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=S0**@dx ]Ɋ& !xd F&pStoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=7a6ece81-9e1f-4850-bef5-77f152445899 HostApplication=powershell Get-NetFirewallProfile | fl Name, Enabled | Out-String -width 65535 EngineVersion=4.0 RunspaceId=9ef99668-7da7-44ea-a0c7-7e8cae3401ea PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r2 @**Xex ]Ɋ& !Xxe F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ompX**pfx ]Ɋ& !Xxf F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=fl p**hgx ]Ɋ& !Xxg F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=lh**`hx ]Ɋ& !Xxh F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=u`**`iB9y ]Ɋ& !XB9yi F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=a`**hjB9y ]Ɋ& !XB9yj F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Quich**kB9y ]Ɋ&  !B9yk F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion=**lB9y ]Ɋ& !B9yl F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=401dbaac-98d0-4a68-9b20-479a0378ce6f HostApplication=powershell Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion=4.0 RunspaceId=ec3d5ed0-c533-465b-8334-24f133165a46 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ce**8m{ ]Ɋ& !X{m F&jAliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ou8**Pn{ ]Ɋ& !X{n F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ypP**Po{ ]Ɋ& !X{o F&~FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sNamP**Hp{ ]Ɋ& !X{p F&vFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=yptiH**Hq{ ]Ɋ& !X{q F&vRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ftVoH**Hr{ ]Ɋ& !X{r F&xVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ritH**s{ ]Ɋ& !{s F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ion**t{ ]Ɋ& !{t F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=68f7c266-46f6-4b38-b4f9-c242e3bb849d HostApplication=powershell Get-MpComputerStatus | fl AntivirusEnabled, AntivirusSignatureLastUpdated, QuickScanEndTime | Out-String -width 65535 EngineVersion=4.0 RunspaceId=0aace691-150b-47ba-9a50-bdd44e8d3600 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=o**Xu{ ]Ɋ& !X{u F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=-US;X**pv{ ]Ɋ& !X{v F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=ostVp**hw{ ]Ɋ& !X{w F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=edh**`x{ ]Ɋ& !X{x F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=*`**`y{ ]Ɋ& !X{y F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Ru`**`z{ ]Ɋ& !X{z F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=r`**{{ ]Ɋ& !{{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=p**|{ ]Ɋ& !{| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=73239ea7-bf27-4340-98ff-9bc7b1ed67db HostApplication=powershell Get-WmiObject -namespace Root\cimv2\security\MicrosoftVolumeEncryption -ClassName Win32_Encryptablevolume | Out-String -width 65535 EngineVersion=4.0 RunspaceId=558b8ff7-a57d-4a90-82f9-30e0044ece9f PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Get**(}{ ]Ɋ& !X{} F&\AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=6(**@~{ ]Ɋ& !X{~ F&tEnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=d@**@{ ]Ɋ& !X{ F&pFileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=@**8{ ]Ɋ& !X{ F&hFunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= C8**8{ ]Ɋ& !X{ F&hRegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=bal8**8{ ]Ɋ& !X{ F&jVariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=in8**{ ]Ɋ& !{ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=RE**| ]Ɋ& !| F&StoppedAvailable NewEngineState=Stopped PreviousEngineState=Available SequenceNumber=15 HostName=ConsoleHost HostVersion=4.0 HostId=0057ad51-585b-42e9-bc9f-c5c74a1ca6a7 HostApplication=powershell Set-Culture en-US; Get-HotFix | select @{l='InstalledOn';e={ [DateTime]::Parse($_.psbase.properties['installedon'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}} | sort-object InstalledOn | select-object -last 1 EngineVersion=4.0 RunspaceId=e1ed133e-1614-4d15-ae91-397650a88538 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Host**X^ ]Ɋ& !X^ F&AliasStarted ProviderName=Alias NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=4X**p^ ]Ɋ& !X^ F&EnvironmentStarted ProviderName=Environment NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=1p**p^ ]Ɋ& !X^ F&FileSystemStarted ProviderName=FileSystem NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Stap**h^ ]Ɋ& !X^ F&FunctionStarted ProviderName=Function NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=stVh**h^ ]Ɋ& !X^ F&RegistryStarted ProviderName=Registry NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=Apph**h^ ]Ɋ& !X^ F&VariableStarted ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=| h**^ ]Ɋ&  !^ F&AvailableNone NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=4.0 HostId=04cc4412-a304-4db7-8230-2238a4472444 HostApplication=powershell Set-Culture en-US; gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* , HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | fl DisplayName, DisplayVersion, Publisher, @{l='InstallDate';e={ [DateTime]::Parse($_.psbase.properties['installdate'].value, $([System.Globalization.CultureInfo]::GetCultureInfo('en-US')))}}, EstimatedSize | Out-String -width 65535 EngineVersion=4.0 RunspaceId=33110b96-e41c-4bab-a3c2-91275f8ea8eb PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=sbe.properties ]Ɋ& Cu F&n-US')))}} | Out-String -width 65535 | Sort-Object InstalledOn -Descending EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= CoandLine= ]Ɋ& XHh4Z F&) F&nce -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | fl displayName, productState | Out-String -width 65535 EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine= `ommandPath=  ]Ɋ& X+ F&X