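# Windows host triage one-liners (PowerShell): hosts file, event-log queries
# against an exported .evtx and the live Security log, and local account review.
# Paths are written with single backslashes. XPath string literals have no
# escape sequences, so a doubled backslash inside a -FilterXPath value is
# compared literally and never matches the path recorded in the event.

# Dump the hosts file to review static name-resolution overrides.
Get-Content -Path "$env:SystemRoot\System32\Drivers\etc\hosts"

# Earliest Event ID 4104 (PowerShell script block logging) in the exported log.
# -Oldest returns events in chronological order, so -MaxEvents 1 is the first
# match; Format-List '*' prints every property of the record.
Get-WinEvent -Path 'C:\Users\Administrator\Desktop\merged.evtx' -FilterXPath '*/System/EventID=4104' -Oldest -MaxEvents 1 | Format-List '*'

# Event ID 4799 (security-enabled local group membership enumerated) where the
# calling process was net1.exe. The event ID is part of the XPath so filtering
# happens in the query rather than in a later Where-Object stage.
Get-WinEvent -Path 'C:\Users\Administrator\Desktop\merged.evtx' -FilterXPath '*/System/EventID=4799 and */EventData/Data[@Name="CallerProcessName"]="C:\Windows\System32\net1.exe"' | Format-List '*'

# Event ID 4624 (successful logon) for the account "John" in the Security log.
# NOTE(review): reading Security.evtx normally needs an elevated session - confirm.
Get-WinEvent -Path 'C:\Windows\System32\winevt\Logs\Security.evtx' -FilterXPath '*/System/EventID=4624 and */EventData/Data[@Name="TargetUserName"]="John"'

# Local accounts with their last logon time. A table keeps each name next to
# its own timestamp; an account that never logged on shows an empty LastLogon
# instead of silently dropping a line. Enabled is included so disabled
# accounts are distinguishable during review.
Get-LocalUser | Select-Object -Property Name, Enabled, LastLogon

# Members of the local Administrators group; compare against the expected list.
Get-LocalGroupMember -Group "Administrators"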