Event Receive Time,Reporting IP,Event Type,Event Name,Raw Event Log 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:28:07Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:28:07"" [deviceTime]=""Apr 02 2020 06:28:07"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=215 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=94 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:28:07Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:28:07"" [deviceTime]=""Apr 02 2020 06:28:07"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=213 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=92 ScriptName= CommandLine= Details: CommandInvocation(Out-Default): \""Out-Default\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:59Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:59"" [deviceTime]=""Apr 02 2020 06:27:59"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=211 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=91 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:59Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:59"" [deviceTime]=""Apr 02 2020 06:27:59"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=209 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=89 ScriptName= CommandLine= Details: CommandInvocation(Out-Default): \""Out-Default\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""NT AUTHORITY\\Authenticated Users\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""NT AUTHORITY\\INTERACTIVE\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""SOC\\Domain Users\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:59Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:59"" [deviceTime]=""Apr 02 2020 06:27:59"" [msg]=""Pipeline execution details for command line: get-localgroupmember -group Users. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=207 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=89 ScriptName= CommandLine=get-localgroupmember -group Users Details: CommandInvocation(Get-LocalGroupMember): \""Get-LocalGroupMember\"" ParameterBinding(Get-LocalGroupMember): name=\""Group\""; value=\""Users\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:53"" [deviceTime]=""Apr 02 2020 06:27:53"" [msg]=""Pipeline execution details for command line: get-childitem C:\\Users\\. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=201 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=86 ScriptName= CommandLine=get-childitem C:\\Users\\ Details: CommandInvocation(Get-ChildItem): \""Get-ChildItem\"" ParameterBinding(Get-ChildItem): name=\""Path\""; value=\""C:\\Users\\\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:53"" [deviceTime]=""Apr 02 2020 06:27:53"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=205 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=88 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 02-04-20 11:54,X.X.X.X,Unknown_EventType,Unknown event type,"2020-04-02T06:27:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Apr 02 2020 06:27:53"" [deviceTime]=""Apr 02 2020 06:27:53"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=203 UserId=SOC\\non-admin-user HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=a36f0ae1-4552-462d-ba41-913fe3cc9b1d HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=74f07b7d-201a-4e53-85b7-c54d79d7e274 PipelineId=86 ScriptName= CommandLine= Details: CommandInvocation(Out-Default): \""Out-Default\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""admin-user\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""administrator\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""DefaultAppPool\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""non-admin-user\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""Public\"" ParameterBinding(Out-Default): name=\""InputObject\""; value=\""wazuh-agent-win\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:21Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:21"" [deviceTime]=""Mar 28 2020 04:12:21"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=31 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=16 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:20Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:20"" [deviceTime]=""Mar 28 2020 04:12:20"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=29 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=14 ScriptName= CommandLine= Details: CommandInvocation(Out-Default): \""Out-Default\"" TerminatingError(): \""The pipeline has been stopped.\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:20Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:20"" [deviceTime]=""Mar 28 2020 04:12:20"" [msg]=""Pipeline execution details for command line: Get-WmiObject. Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=27 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=14 ScriptName= CommandLine=Get-WmiObject Details: CommandInvocation(Get-WmiObject): \""Get-WmiObject\"" TerminatingError(): \""The pipeline has been stopped.\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:21Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:21"" [deviceTime]=""Mar 28 2020 04:12:21"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=35 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=20 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:21Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:21"" [deviceTime]=""Mar 28 2020 04:12:21"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=33 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=18 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:16Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:16"" [deviceTime]=""Mar 28 2020 04:12:16"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=23 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=10 ScriptName= CommandLine= Details: CommandInvocation(Resolve-Path): \""Resolve-Path\"" ParameterBinding(Resolve-Path): name=\""ErrorAction\""; value=\""Ignore\"" ParameterBinding(Resolve-Path): name=\""WarningAction\""; value=\""Ignore\"" ParameterBinding(Resolve-Path): name=\""InformationAction\""; value=\""Ignore\"" ParameterBinding(Resolve-Path): name=\""Verbose\""; value=\""False\"" ParameterBinding(Resolve-Path): name=\""Debug\""; value=\""False\"" ParameterBinding(Resolve-Path): name=\""Path\""; value=\""get-wm*\"" """ 28-03-20 09:40,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:12:16Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:12:16"" [deviceTime]=""Mar 28 2020 04:12:16"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=25 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=12 ScriptName= CommandLine= Details: CommandInvocation(Get-ChildItem): \""Get-ChildItem\"" ParameterBinding(Get-ChildItem): name=\""ErrorAction\""; value=\""Ignore\"" ParameterBinding(Get-ChildItem): name=\""WarningAction\""; value=\""Ignore\"" ParameterBinding(Get-ChildItem): name=\""InformationAction\""; value=\""Ignore\"" ParameterBinding(Get-ChildItem): name=\""Verbose\""; value=\""False\"" ParameterBinding(Get-ChildItem): name=\""Debug\""; value=\""False\"" ParameterBinding(Get-ChildItem): name=\""Path\""; value=\""get-wm*\"" ParameterBinding(Get-ChildItem): name=\""Hidden\""; value=\""True\"" """ 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:05:44Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:05:44"" [deviceTime]=""Mar 28 2020 04:05:44"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=19 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=6 ScriptName= CommandLine= Details: CommandInvocation(Out-Default): \""Out-Default\"" """ 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:05:44Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:05:44"" [deviceTime]=""Mar 28 2020 04:05:44"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=21 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=8 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:45"" [deviceTime]=""Mar 28 2020 04:04:45"" [msg]=""Pipeline execution details for command line: Microsoft.PowerShell.Core\\Set-StrictMode -Off . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=15 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=3 ScriptName=C:\\Program Files\\WindowsPowerShell\\Modules\\PSReadline\\1.2\\PSReadLine.psm1 CommandLine= Microsoft.PowerShell.Core\\Set-StrictMode -Off Details: CommandInvocation(Set-StrictMode): \""Set-StrictMode\"" ParameterBinding(Set-StrictMode): name=\""Off\""; value=\""True\"" """ 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:47Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""800"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:47"" [deviceTime]=""Mar 28 2020 04:04:47"" [msg]=""Pipeline execution details for command line: . Context Information: DetailSequence=1 DetailTotal=1 SequenceNumber=17 UserId=SOC\\Administrator HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId=4 ScriptName= CommandLine= Details: CommandInvocation(Get-Variable): \""Get-Variable\"" ParameterBinding(Get-Variable): name=\""Name\""; value=\""host\"" ParameterBinding(Get-Variable): name=\""ValueOnly\""; value=\""True\"" """ 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=a2269495-e1a8-43df-a2db-2434648b6274 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 28-03-20 09:33,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-28T04:04:45Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 28 2020 04:04:44"" [deviceTime]=""Mar 28 2020 04:04:44"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=03654f7f-71bf-4c51-be29-423593bf8e99 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=dd283645-6fb3-4823-bacb-f9e42906bb89 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:14:09Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:14:09"" [deviceTime]=""Mar 26 2020 12:14:09"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6e9d3b0b-752f-4933-90a9-b27eee4880e6 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:42,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:13:53Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:13:53"" [deviceTime]=""Mar 26 2020 12:13:53"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=4ae028d9-12d2-4f37-b8df-02f034df06dc HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=6e6acd15-8187-4560-a5f3-94b97fbf55e8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=965d06ae-5ac5-4c3e-8d66-01c7c713c159 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:38,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:10:02Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:10:02"" [deviceTime]=""Mar 26 2020 12:10:02"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=6ef5a5b5-0d25-4841-a448-e283b24bf5a3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:39Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:39"" [deviceTime]=""Mar 26 2020 12:08:39"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=590c1566-b8bc-400b-93b4-05045f764d7c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=ee9b1419-0bd5-45af-9243-34bd3fb15a0b PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=e49002b7-c290-45d9-8407-ff4ec04d2ce8 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 17:36,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T12:08:01Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 12:08:01"" [deviceTime]=""Mar 26 2020 12:08:01"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=7034b2e6-919d-4941-b2e8-ca930780ff90 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=bd6dadec-6216-4ed0-8246-d219e39194e4 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 26-03-20 15:45,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-26T10:16:08Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 26 2020 10:16:08"" [deviceTime]=""Mar 26 2020 10:16:08"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=52e47b7d-9ce1-4cf6-821a-e0e179cca6b3 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=d1524060-743d-4d29-825f-c796ab668169 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 18:57,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T13:29:41Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 13:29:41"" [deviceTime]=""Mar 25 2020 13:29:41"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=507c384d-f178-499b-bb37-19e7490cdb1c HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""400"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Engine state is changed from None to Available. Details: NewEngineState=Available PreviousEngineState=None SequenceNumber=13 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion=5.1.16299.15 RunspaceId=0eb9781b-7b40-4724-b1ce-d043c15ed242 PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""Variable\"" is Started. Details: ProviderName=Variable NewProviderState=Started SequenceNumber=11 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""Registry\"" is Started. Details: ProviderName=Registry NewProviderState=Started SequenceNumber=1 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""Alias\"" is Started. Details: ProviderName=Alias NewProviderState=Started SequenceNumber=3 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""Function\"" is Started. Details: ProviderName=Function NewProviderState=Started SequenceNumber=9 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""Environment\"" is Started. Details: ProviderName=Environment NewProviderState=Started SequenceNumber=5 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine=""" 25-03-20 17:10,X.X.X.X,Unknown_EventType,Unknown event type,"2020-03-25T11:41:42Z Win-Server X.X.X.X AccelOps-WUA-WinLog-Windows PowerShell [phCustId]=""1"" [customer]=""Super"" [monitorStatus]=""Success"" [Locale]=""en-US"" [MachineGuid]=""1f08a282-8faa-454e-a4cc-bbb0ba7eb343"" [timeZone]=""+0530"" [eventName]=""Windows PowerShell"" [eventSource]=""PowerShell"" [eventId]=""600"" [eventType]=""Information"" [domain]="""" [computer]=""Win-Server"" [user]="""" [userSID]="""" [userSIDAcctType]="""" [eventTime]=""Mar 25 2020 11:41:42"" [deviceTime]=""Mar 25 2020 11:41:42"" [msg]=""Provider \""FileSystem\"" is Started. Details: ProviderName=FileSystem NewProviderState=Started SequenceNumber=7 HostName=ConsoleHost HostVersion=5.1.16299.15 HostId=cdfe7491-5738-4e37-aa75-ac22f9ac9af4 HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe EngineVersion= RunspaceId= PipelineId= CommandName= CommandType= ScriptName= CommandPath= CommandLine="""