Event ID:
Source:
PowerShell
Category:
Engine Lifecycle
Message:
Engine state is changed from None to Available.

Details:
NewEngineState=Available
PreviousEngineState=None

SequenceNumber=134

HostName=ConsoleHost
HostVersion=2.0
HostId=e14c96d4-bf0d-4a3a-8e84-c7851ebb29d7
EngineVersion=2.0
RunspaceId=7b090c70-10a9-43d7-9ce4-15a8b1bc0e0b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=


Event ID:
Source:
PowerShell
Category:
Engine Lifecycle
Message:
Engine state is changed from Available to Stopped.

Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=125
HostName=ConsoleHost
HostVersion=2.0
HostId=e668b266-c1e3-4faa-2242-90c012cd4691
EngineVersion=2.0
RunspaceId=ed6416ce-3230-40b2-9d58-c5b709b4f3d9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=



Event ID:
Source:
PowerShell
Category:
Command Lifecycle
Message:
Command "Write-Host" is Started.

Details:
NewCommandState=Started
SequenceNumber=19
HostName=ConsoleHost
HostVersion=2.0
HostId=1cf19884-fbfb-4930-859a-45bb18793e35
EngineVersion=2.0
RunspaceId=52cbe49e-d6ed-4690-9cff-b96759ed4894
PipelineId=2
CommandName=Write-Host
CommandType=Cmdlet
ScriptName=
CommandPath=
CommandLine=Write-Host Test



Event ID:
Source:
PowerShell
Category:
Command Lifecycle
Message:
Command "Write-Host" is Stopped.

Details:
NewCommandState=Stopped
SequenceNumber=20
HostName=ConsoleHost
HostVersion=2.0
HostId=1cf19884-fbfb-4930-859a-45bb18793e35
EngineVersion=2.0
RunspaceId=52cbe49e-d6ed-4690-9cff-b96759ed4894
PipelineId=2
CommandName=Write-Host
CommandType=Cmdlet
ScriptName=
CommandPath=
CommandLine=Write-Host Test



Event ID:
Source:
PowerShell
Category:
Provider Lifecycle
Message:
Provider "Registry" is Started.

Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=6
HostName=ConsoleHost
HostVersion=2.0
HostId=81e282e6-724d-4184-9600-615816366546
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=


Event ID:
Source:
PowerShell
Category:
Pipeline Execution Details
Message:
Pipeline execution details for command line: Write-Host Test.

Context Information:
DetailSequence=1
DetailTotal=1

SequenceNumber=50

UserId=DOMAIN\username
HostName=ConsoleHost
HostVersion=4.0
HostId=5f2b609e-c195-4914-b7bb-09f492cb0056
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=4.0
RunspaceId=77d31d66-4314-43f4-bf5a-caa6757c2130
PipelineId=8
ScriptName=
CommandLine=Write-Host Test

Details:
CommandInvocation(Write-Host): "Write-Host"
ParameterBinding(Write-Host): name="Object"; value="Test"


Event ID:
Source:
Microsoft-Windows-PowerShell
Category:
Executing Pipeline
Message:
Error Message = File C:\Users\wizard\test.ps1 cannot be loaded. The file C:\Users\wizard\test.ps1 is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
Fully Qualified Error ID = UnauthorizedAccess
Recommended Action =
Context:
Severity = Warning
Host Name = ConsoleHost
Host Version = 5.1.14393.1944
Host ID = babd41a2-db0f-45d0-ac50-e34b71dd9ac0
Host Application = powershell . .\test.ps1
Engine Version = 5.1.14393.1944
Runspace ID = 0155307c-603a-440d-a22c-85b5c9cbffff
Pipeline ID = 1
Command Name =
Command Type =
Script Name =
Command Path =
Sequence Number = 15
User = DOMAIN\user
Connected User =
Shell ID = Microsoft.PowerShell
User Data:


Event ID:
Source:
Microsoft-Windows-PowerShell
Category:
Executing Pipeline
Message:
CommandInvocation(Write-Host): "Write-Host"
ParameterBinding(Write-Host): name="Object"; value="TestPowerShellV5"


Context:
Severity = Informational
Host Name = ConsoleHost
Host Version = 5.1.14393.1944
Host ID = e44f3df1-0f65-48dc-814a-01219d11a426
Host Application = powershell Write-Host TestPowerShellV5
Engine Version = 5.1.14393.1944
Runspace ID = 0b4180d7-55ca-476a-9712-26e61d5c3be1
Pipeline ID = 1
Command Name = Write-Host
Command Type = Cmdlet
Script Name =
Command Path =
Sequence Number = 16
User = DOMAIN\username
Connected User =
Shell ID = Microsoft.PowerShell


User Data:


Event ID:
Source:
Microsoft-Windows-PowerShell
Category:
PowerShell Console Startup
Message:
PowerShell console is starting up


Event ID:
Source:
Microsoft-Windows-PowerShell
Category:
PowerShell Console Startup
Message:
PowerShell console is ready for user input


Event ID:
Source:
Microsoft-Windows-PowerShell
Category:
Execute a Remote Command
Message:
Creating Scriptblock text (1 of 1):
Write-Host PowerShellV5ScriptBlockLogging

ScriptBlock ID: 6d90e0bb-e381-4834-8fe2-5e076ad267b3
Path:


Event ID:
Source:
PowerShell
Category:
Exécution du pipeline
Message:
Message d’erreur = Paramètre incorrect.


Nom du fournisseur = Microsoft.PowerShell.Core\FileSystem


Contexte :
Gravité = Warning
Nom d’hôte = InstallShield_PS_Host
Version de l’hôte = 1.0.0.0
ID d’hôte = a0925d75-baf4-4609-b69b-8d14a9f85b42
Application hôte = C:\Windows\System32\MsiExec.exe -Embedding 99CAFEB8759CB269DF3B8F5AE58B9B8D
Version du moteur =
ID d’instance d’exécution =
ID de pipeline =
Nom de commande =
Type de commande =
Nom du script =
Chemin de la commande =
Numéro de séquence = 18
Utilisateur = DESKTOP-T0MA7N9\pc2
Utilisateur connecté =
ID d’interpréteur de commandes = Microsoft.PowerShell


Données utilisateur :




Event ID:
Source:
PowerShell
Category:
Engine Lifecycle
Message:
Details:
NewEngineState=Stopped
PreviousEngineState=Available

SequenceNumber=15

HostName=ConsoleHost
HostVersion=5.1.19041.610
HostId=fc1e08f5-6fa2-4b1f-b078-71504abeb1c1
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';
EngineVersion=5.1.19041.610
RunspaceId=2825a70e-71d0-4804-9516-922aee2bdbfe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="PowerShell" />
<EventID Qualifiers="0">403</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>4</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2021-04-09T00:48:26.1133783Z" />
<EventRecordID>40</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Windows PowerShell</Channel>
<Computer>DESKTOP-BSLE0HC</Computer>
<Security />
</System>
<EventData>
<Data>Stopped</Data>
<Data>Available</Data>
<Data> NewEngineState=Stopped
PreviousEngineState=Available

SequenceNumber=15

HostName=ConsoleHost
HostVersion=5.1.19041.610
HostId=fc1e08f5-6fa2-4b1f-b078-71504abeb1c1
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';
EngineVersion=5.1.19041.610
RunspaceId=2825a70e-71d0-4804-9516-922aee2bdbfe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=</Data>
</EventData>
</Event>


Event ID:
Source:
powershell
Category:
Engine Lifecycle
Message:
Stopped
Available
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.22598.1
HostId=46dc6910-488c-4202-a87a-de50e5ed56c4
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result: 1';
EngineVersion=5.1.22598.1
RunspaceId=c9ce49c6-29b1-4d28-85df-b7c49d562b06
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=



Event ID:
Source:
PowerShell (PoweShell)
Category:
Task Category (6)
Message:
Details:
ProviderName=Function
NewProviderState=Started

SequenceNumber=9

HostName=ConsoleHost
HostVersion=5.1.19041.2673
HostId=1e6d96ab-43f1-4b85-bd39-3cc54faa962d
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=


Event ID:
Source:
PowerShell (PoweShell)
Category:
Task Category (6)
Message:
Provider "Function" is Started.

Details:
ProviderName=Function
NewProviderState=Started

SequenceNumber=9

HostName=ConsoleHost
HostVersion=5.1.19041.2673
HostId=1e6d96ab-43f1-4b85-bd39-3cc54faa962d
HostApplication=powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=


Found 16 records