<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>powershellmanager</title><link>https://evotec.xyz/es/tags/powershellmanager</link><description>Evotec Main Website</description><atom:link href="https://evotec.xyz/es/tags/powershellmanager/index.xml" rel="self" type="application/rss+xml" /><item><title>Restoring (Recovering) PowerShell Scripts from Event Logs</title><link>https://evotec.xyz/es/blog/restoring-recovering-powershell-scripts-from-event-logs</link><description>A few days ago, I was asked to take a look at PowerShell Malware. While I don’t know much about malware, my curiosity didn’t let me skip on this occasion, and I was handed over a WindowsPowerShell.evtx file. Ok, that’s not what I expected! I wanted PowerShell .ps1 files that I can read and assess? Well, you play with the cards you were dealt. What I was handed over was a PowerShell Event Log. PowerShell writes whatever you execute, and it thinks it is risky, to the Windows PowerShell Operation Event Log.</description><pubDate>Fri, 28 Aug 2020 15:39:28 GMT</pubDate><guid>https://evotec.xyz/es/blog/restoring-recovering-powershell-scripts-from-event-logs</guid><category>event log</category><category>get-events</category><category>powershell</category><category>powershellmanager</category><category>pseventviewer</category><category>Windows</category></item></channel></rss>